Derek Martin wrote:
> We fight this fight too, but this one's MUCH harder to win... Management
> types insist they need Windows. We plan to use Samba to run login scripts
> which HELP the problem, but definitely don't solve it.
>
> The solution to Windows security is don't use it.
I've been sitting on my hands through this whole (interesting
and, IMO, useful) thread, but I came up off my chair for this one.
In many, if not most, corporate networks, this just isn't an option.
No matter how much WE might like Unix, there WILL be Windows machines
on our networks.
I'm by no means a security guru, but as others have pointed out,
security is a matter of lots of defenses and never-ending vigilance.
[Gosh, sounds like SAC, eh? :-) ] Firewalls are a part of the
solution. But you have to assume internal threats (from at least
carelessness, if not maliciousness...), and since most of us will
have somewhat uncontrolled PeeCees on our networks, we *have* to
assume that root on workstations can be compromised. SO - what's
called for good server security and secure network file service:
something we just don't seem to have tools for.
What really bugs me is that *Microsoft*, of all companies, is
making an effort to do something about this, with the widespread
use of Kerberos (corrupted or otherwise). If we Unix dweebs had
gotten our act together and done something about replacing NFS
before this, we wouldn't be in the position of squabbling about
root access to Unix machines while Microsoft goes on conquering
the computing world.
Let me pose these questions: what IS available in the Unix world
for secure file service? I thought Project Athena was supposed to
nail this problem, but with what? There's AFS, too. Is anyone
USING any of these systems? Or are we all just using NFS and
Samba (as I am...) and grousing about the problems?
-- Jerry Callen Mobile: 617-388-3990
Narsil FAX: 617-876-5331
63 Orchard Street email: [EMAIL PROTECTED]
Cambridge, MA 02140-1328
PGP public keys available from http://pgp.ai.mit.edu
fingerprints:
DH/DSS key ID 0x1806252C: 7669 A4CD 759A 6EB7 AF04
C10D B659 2A4B 1806 252C
RSA key ID 0x99F7AAE5: D265 DC9C 13FD 6110
30F5 1874 A206 24B1
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
