What everyone is forgetting:

1. Microsoft Windows "out of the box" installs tend to be wide open.
2. Services like ftp, telnet, www, Indexing, remote access, remote registry, routing & remote access, RPC, Windows Mgmt, Installer and Scheduler all have known hacks and all (mostly) are open to access/exploits "out of the box".
3. There is also a little-known issue with the IP stack in NT that requires a "hot fix". It implements a new randomizer.
4. Even Linux systems are prey to attack.

After having a customer demand I open a couple of ports (against my stern warnings) to a Linux web server (20,21,23,25), their server was hacked in less than 29 hours. The net result - They learned a big lesson (trust the people you hire to do the job right - don't interfere). In the end it cost about 30 man hours to undo the damage caused.

Anyone that ignores the risks and walks headstrong into a lion's den deserves to get eaten.

Systems are faster and perform tasks without judgment. They are only as smart as those using them. I would never put a system in front of a firewall - REGARDLESS. There are far too many tools available to get the job done right.

Oh, By The Way (BTW): Yes, you can nail down a Windows system - It's almost unusable, but you can. The same is true for almost every O.S. out there.

Danny H. Cox

-----Original Message-----
From: Ted Bardusch [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 16, 2002 8:47 AM
To: Marc Suxdorf
Cc: Mike Burden; [EMAIL PROTECTED]
Subject: Re: AW: [gb-users] win2K security problems, the facts!

One thing to be aware of in setting up your hypothetical outside the firewall, up to date patched box of whatever OS -- until it's fully patched, which in some cases takes multiple reboots, it is fully exposed and vulnerable while it's downloading the updates and patches. In that time frame, a scanning attack might well succeed.

I saw an article a couple of years ago that an unpatched Red Hat install was rooted in under 30 minutes on average. Windows would not likely be too different.

Personally I suggest using the GB Light with default filters, that does a great job in the vast majority of cases.

Ted Bardusch
[EMAIL PROTECTED]
