RE: [fw-wiz] Worms, Air Gaps and Responsibility

From: Gwendolynn ferch Elydyr (gwen_at_reptiles.org)
Date: 05/10/04

  • Next message: Paul D. Robertson: "Re: [fw-wiz] Quick TCP Survey"
    To: Mark Gumennik <mgumennik@mitre.org>
    Date: Mon, 10 May 2004 15:05:53 -0400 (EDT)
    
    

    On Mon, 10 May 2004, Mark Gumennik wrote:
    > This is exactly my point:

    Uh... is it? The last time your point seemed to be that you:

            (1) Need 5x more administrators to run Linux rather than Windows
            (2) Can't handle AAA on Linux
            (3) Are deeply suspicious of non-US governments

    ... so now we've suddenly shifted topics.

    > If you want to put LINUX on the DESKTOP you have to use all the bells and
    > whistles which makes vuln. on it equal to MS

    That's quite a leap of logic you're making. You've basically gone:

            (1) Put Linux on the desktop [statement]
            (2) Install bells and whistles [presumption]
            (3) Linux is as vulnerable as Microsoft [conclusion]

    In order for this to hang together in any respect, you'll need to provide
    something in place of step (2) that's provable. The more normal way to
    go about rolling out -any- platform is:

            (1) Establish the task(s) to be performed
            (2) Identify appropriate tool(s)
            (3) Setup environment

    Now - you'll notice that this doesn't involve "install bells and whistles".
    In fact, it involves "install what is needed to accomplish task(s)". I'd
    recommend that you read "The Practice of System and Network Administration"
    by Tom Limoncelli and Christine Hogan, which describes the process of
    creating a stable, administrable environment - whatever the OS may be.

    > PS I'm glad I made such a splash, how wonderful it'd be to go back to the
    > world where the knowledge of 25-30 network commands made us all look sacred.

    Hrm. No, not a splash ;> I'm glad that the other folks that I know at
    Mitre aren't at your level.

    > Speaking of LDAP, Kerb and other tools: obviously the use of them makes us
    > look much better than such earthy things as MS AD or Novell NDS where all
    > this stuff is already built-in FOR THE DESKTOPS (not for the remote AAA).

    Uh... you -really- need to familiarize yourself with Linux/unix before you
    start spouting off. It's embarrassing.

    > To entertain you even more: a little quiz for the experts (please quiz
    > yourself, don't send me responses, I won't grade them :-): How many servers
    > are involved in Kerberos communications? How many messages are sent back and
    > forth before the actual authentication? Can you name at least 10% of them?

    You -do- know that AD uses Kerberos, right?

    cheers!

    [0] Please - no need to shout. "Linux" is correct usage.
    ==========================================================================
    "A cat spends her life conflicted between a deep, passionate and profound
    desire for fish and an equally deep, passionate and profound desire to
    avoid getting wet. This is the defining metaphor of my life right now."

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

