This is almost definitely a religious argument, event the point made that
the machines need rebooting.
An NT machine does *not* need weekly, or even monthly rebooting. We reboot
our infrastructure machines when we apply a service pack, or when the power
goes out for longer than our UPS can handle.
In fact, the NetBSD machine we had as a firewall used to reboot more often
than the new NT installation which is on the same hardware!!!
YMMV, but I think the rhetoric of NT's failings has gone far enough and
facts need to be looked at.
As for Microsoft's track record with dealing with NT security issues, hop
over to the NTBugtraq archives and I think you'll see that several Microsoft
people live there monitoring and helping out with the issues - at least as
much as I've seen from other vendors on their respective lists.
Regards,
John Wiltshire
> -----Original Message-----
> From: Randall, Mark [mailto:[EMAIL PROTECTED]]
> Sent: Friday, 4 June 1999 12:28 am
> To: 'Brian Steele'
> Cc: '[EMAIL PROTECTED]'
> Subject: RE: Why not NT?
>
>
> This is dangerously close to a religious argument, but I
> can't help but jump
> in here. The point that I can't get past is that NT is
> simply not reliable
> enough. Somebody already made the statement that rebooting
> is fine for
> desktops, but not for the infrastructure. That's a really
> key point, I
> think.
>
> Sure, there is firewall software out there for NT. Sure, you
> can set it up,
> run tests against it and say, "Look how secure it is." That
> may all be true
> and it may be very secure, indeed...but none of that matters
> if you have to
> bring down network access to reboot the damn firewall once a
> week (or more).
> Hell, even once a month would be unacceptable in my book...
>
> Between that and Microsoft's track record (with problems and
> with addressing
> security issues), there's no way I could recommend an NT
> firewall deployment
> with a straight face.
>
> I'm not bashing NT, either. If I were to deploy a Lotus
> Notes installation,
> I would recommend that Domino be installed on an NT server without
> hesitation...but I certainly wouldn't use NT as part of a
> security solution.
>
>
>
> -----Original Message-----
> From: Brian Steele [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, June 02, 1999 9:47 AM
> To: [EMAIL PROTECTED]
> Subject: RE: Why not NT?
>
>
>
> It seems that people are mis-reading my last message. Or
> perhaps I didn't
> explain myself clearly - more likely the latter, as I
> should've perhaps used
> "implementing", instead of "employing" :-).
>
> When referring to companies who've successfully employing,
> er, implementing,
> firewalls on NT, I was referring to those that have created
> and are selling
> firewall products that run on the NT platform. There are a
> host of them.
> Including Microsoft's Proxy Server (gd&r).
>
> Obviously these companies have a different view regarding
> NT's security.
>
> IMHO, the anti-NT crowd needs to stop brown-nosing each other
> concerning the
> "insecurity of NT". If they're REALLY interested, then I
> suggest to them,
> take your fingers out, look at the NT-based Firewall
> products, then provide
> opinions about same. If one of these products running on the
> NT platform
> proves to be insecure, then I'm sure many of us would be
> interested in this
> information, as we would about any other firewall
> applications that prove to
> be insecure.
>
> However, I, and am sure many others, are not interested in the usual
> pontification concerning NT and its security. Those who know
> better know
> that the security of a system is primarily dependent on who's
> administering
> that system and how it's been implemented, not the OS.
>
>
> Brian Steele
>
> BTW - were any of the government sites hacked this week running NT?
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
