Firewall Wizards mailing list archives
RE: Worms, Air Gaps and Responsibility
From: "Paul D. Robertson" <paul () compuwar net>
Date: Mon, 10 May 2004 14:37:23 -0400 (EDT)
On Mon, 10 May 2004, Mark Gumennik wrote:
Ron, This is exactly my point: If you want to put LINUX on the DESKTOP you have to use all the bells and whistles which makes vuln. on it equal to MS
Support your claim with data, or examples. I don't need to open RPC to anything other than loopback for Linux on the desktop (and rarely even there.) In fact, I tend to turn *off* more things than I turn *on* for a Linux machine when I'm configuring it from a default install. Furthermore, I'm capable of running almost all services at a priv. level less than local administrator- which doesn't make the vulns equivalent.

For SMB, sure- I'd have about the same vulnerability surface *for that service in and of itself*, but in a Windows environment, it'd be hooked in to a RPC endpoint mapper that's as bad as portmapper has traditionally been on *nix. Fortunately, portmapper is one of the things I turn off on Linux boxes, desktop or server- unless it's a Solaris box which really likes portmapper, in which case only loopback is allowed to access the RPC services.

Now, the real point (since you obviously missed it) that everyone was making in regards to your original argument about vulnerabilities is that Linux only looks bad when you count all the silly things that nobody sane would install on a corporate desktop. Trying to turn that from "more vulnerabilities on bugtrack (sic)" to "equal" is disingenuous when you're trying to stand behind a point, since I already said "about equal."
PS I'm glad I made such a splash, how wonderful it'd be to go back to the world where the knowledge of 25-30 network commands made us all look sacred.
3 replies is a splash? Mitre never used to be so attention-starved- are you waiting on a clearance? I don't know what axe you're trying to grind here- admins need to know things in any environment- Windows is no different in that matter. I'm not even sure why you think any admins feel a need to "look sacred." You've obviously got some baggage, with all the casting of aspersions- but outside of the strawmen you're trying to assert, you've come up with nothing of substance to support your argument.
Speaking of LDAP, Kerb and other tools: obviously the use of them makes us look much better than such earthy things as MS AD or Novell NDS where all this stuff is already built-in FOR THE DESKTOPS (not for the remote AAA).
You can use AD or NDS for Linux (or both- in fact you can put up per-service authentication and use one of every type there is if it floats your boat), once again you're setting up straw men. Perhaps you should spend some time looking at Linux before trying to pass off bogus opinions as factual.

You've gone from "doesn't support directory authentication well," to "takes more juju than AD or NDS." Bzzzt- all the choices, plus more- that's not a *bad* thing, it's a *good* thing.

Since AD is based upon Kerberos for its default primary authentication mechanism, I don't see how you come to the conclusion that AD is any more "built-in FOR THE DESKTOPS" than Kerberos.

Nice use of caps - NOT! Lose the baggage and bring some facts, ok?

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
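
A check for the hardening point made in the message above (portmapper off, or RPC reachable only from loopback), as an added example that is not part of the original post: it parses text in `/proc/net/tcp` format and reports TCP listeners bound to anything other than loopback. Both tables are constructed samples, the function names are hypothetical, and the address decoding assumes a little-endian (x86-style) host.

```python
import ipaddress
import struct

TCP_LISTEN = "0A"        # socket state code for LISTEN in /proc/net/tcp
PORTMAPPER_PORT = 111    # portmapper / rpcbind

_HDR = ("  sl  local_address rem_address   st tx_queue rx_queue "
        "tr tm->when retrnsmt   uid  timeout inode\n")
_TAIL = (" 00000000:00000000 00:00000000 00000000     0        0 "
         "1001 1 0000000000000000 100 0 0 10 0\n")

# Constructed tables (not captured from a real host), little-endian encoding.
DEFAULT_INSTALL = (
    _HDR
    + "   0: 00000000:006F 00000000:0000 0A" + _TAIL   # 0.0.0.0:111 portmapper
    + "   1: 00000000:0016 00000000:0000 0A" + _TAIL   # 0.0.0.0:22
    + "   2: 0100007F:0277 00000000:0000 0A" + _TAIL   # 127.0.0.1:631
    + "   3: 0100007F:8A3C 0100007F:0277 01" + _TAIL   # established, no listener
)
HARDENED = (
    _HDR
    + "   0: 0100007F:006F 00000000:0000 0A" + _TAIL   # 127.0.0.1:111
    + "   1: 00000000:0016 00000000:0000 0A" + _TAIL   # 0.0.0.0:22
)


def exposed_listeners(proc_net_tcp):
    """Return sorted (ip, port) pairs for LISTEN sockets not bound to loopback.

    Covers IPv4 TCP only; /proc/net/tcp6 and /proc/net/udp need the same pass.
    """
    found = []
    for line in proc_net_tcp.splitlines()[1:]:       # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue
        hex_ip, hex_port = fields[1].split(":")
        # The kernel prints the address as a native 32-bit integer.
        ip = ipaddress.IPv4Address(struct.pack("<I", int(hex_ip, 16)))
        if not ip.is_loopback:
            found.append((str(ip), int(hex_port, 16)))
    return sorted(found)


def portmapper_exposed(proc_net_tcp):
    """True if portmapper listens on any non-loopback address."""
    return any(port == PORTMAPPER_PORT for _, port in exposed_listeners(proc_net_tcp))


if __name__ == "__main__":
    for name, table in (("default", DEFAULT_INSTALL), ("hardened", HARDENED)):
        print(name, exposed_listeners(table), portmapper_exposed(table))
```

On a live Linux host the same functions can be fed the contents of `/proc/net/tcp` instead of the sample tables.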