Re: operating system firewall question

From: Lars M. Hansen (badnews_at_hansenonline.net)
Date: 07/09/03


Date: Tue, 08 Jul 2003 23:57:26 GMT

On Tue, 8 Jul 2003 16:33:14 -0700, Magenta Sky spoketh

>The only way to secure a Windows box is to pound a large
>spike through it, and at least 24 inches into the concrete.

Bull***. Windows can be secured by disabling unnecessary services and
by restricting access to the various other resources by policy and file
system restrictions.

>
>I says that as a Windows network admin, BTW.
>

Right ...

>
>Windows is an absolutely insane OS for a firewall. It _cannot_
>be secured sufficiently for it, because it cannot be installed
>with nothing more than is necessary for the firewall. You cannot
>install it without the GUI, you cannot install it without a lot
>of stuff that serves no purpose on a firewall, but adds in
>hundreds of thousands of lines of code that will inevitably
>have bugs and security holes in it.
>
>And that's assuming you are talking about WinNT/2000/XP,
>which actually has _some_ security in it (despite having enough
>security holes that it is not unheard of for a machine to be
>compromised quicker than it can download patches, once
>you finish the basic install). Win98 simply cannot be secured
>_at all_, and was never intended to be capable of it.
>

Yes, Windows installs a lot of stuff that is not necessary for a
firewall. All of that can be disabled either before installing the
firewall, or the firewall installation will disable it for you (we're
talking real firewalls here, not desktop toys). If you're a "windows
network admin", you should know which services these are, and how to
disable them. You should also know which registry keys to modify to
prevent unauthorized access to the machine (firewall or no firewall).

I've installed a number of Windows based firewalls, none have ever been
compromised, and none of my installs for users have been compromised
either before or after applying patches.

Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)
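The post above argues that a Windows firewall host is secured by disabling the services it does not need and by setting the registry keys that restrict anonymous access. As an added example (not from the original post, and written in modern PowerShell rather than the sc.exe/regedit tooling of the NT/2000 era under discussion), the script below audits a host against that standard: it lists every auto-start service not on an allowlist, optionally disables them, and checks the well-known LSA `RestrictAnonymous` value. The allowlist contents and the `$Enforce` switch are assumptions for illustration; a real baseline comes from the firewall vendor's documentation for the specific product and OS version.

```powershell
#Requires -RunAsAdministrator
# Added example: audit a Windows host that is meant to run only a firewall.
# Dry-run by default; set $Enforce = $true to actually disable the reported services.

# Assumed minimal set of services the firewall host keeps (illustrative only).
$Allowed = @(
    'EventLog',     # local event logging stays on
    'Dnscache',     # name resolution for the firewall's own use
    'PlugPlay'      # core device management
)
$Enforce = $false

# Return auto-start services whose names are not on the allowlist.
function Get-UnexpectedServices {
    param([Parameter(Mandatory)][string[]]$Allowed)
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.StartMode -eq 'Auto' -and $Allowed -notcontains $_.Name } |
        Select-Object Name, DisplayName, State, StartMode, PathName
}

# Return the LSA RestrictAnonymous value (real key; 1 or 2 restricts anonymous
# enumeration of accounts and shares, 0 or absent leaves it permitted).
function Get-RestrictAnonymous {
    $LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $item = Get-ItemProperty -Path $LsaKey -Name RestrictAnonymous -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 0 }
    return [int]$item.RestrictAnonymous
}

$Unexpected = Get-UnexpectedServices -Allowed $Allowed
if ($Unexpected) {
    "Auto-start services not on the allowlist:"
    $Unexpected | Format-Table -AutoSize
    if ($Enforce) {
        foreach ($svc in $Unexpected) {
            # Stop first so the change takes effect now, then keep it from returning on reboot.
            Stop-Service -Name $svc.Name -Force -ErrorAction SilentlyContinue
            Set-Service -Name $svc.Name -StartupType Disabled
            "Disabled: $($svc.Name)"
        }
    }
} else {
    "No unexpected auto-start services."
}

$ra = Get-RestrictAnonymous
if ($ra -eq 0) {
    "WARNING: RestrictAnonymous is 0 or unset; anonymous enumeration is permitted."
} else {
    "RestrictAnonymous = $ra"
}
```

Run it once as a dry run to see what the vendor's install left behind, reconcile the allowlist against the product documentation, and only then flip `$Enforce`; disabling a service the firewall itself depends on is the usual way an audit like this breaks a box.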