Yes, I realize this guy is a Troll, but I'm gonna feed him anyway.

[Quote]
And also, remember that only Windows needs to work before being secure. Windows needs its own security holes for working.
[/Quote]

Neither Windows nor *nix is bulletproof out of the box (OpenBSD comes really close, though). If you think any *nix install is the end-all and be-all of security, you have learned *NOTHING* from reading this site :)

[Quote]
Just do your network with Unix, the operating system that creates and still operates Internet.
[/Quote]

Cisco might disagree with you on that last clause :) (IOS runs more routers/switches/gateways than *nix combined, I'd wager)

[Quote]
You will have no problem of getting and keeping it operational, as you will have no problem to secure it.
[/Quote]

...unless you run NFS, or Wu-ftpd, or SendMail, or an older BIND, or .... (do I need to go on? :P )


[Quote]
Try to disable null session on a domain controler ;
[/Quote]

Easy. RestrictAnonymous=0x2. This is a common reg hack. To make it work on a W2k DC requires a fully W2k domain, however (no NT4 or Win9x clients).

[Quote]
try to block remote command execution over NetBios on a file server
[/Quote]

Again, basic security principles (no weak passwords, no extraneous admin accounts) will prevent this from being an issue.

[Quote]
; try to manage your server remotely without opening an access as large as a remote desktop ?
[/Quote]

Easy. Start->Run. Enter 'compmgmt.msc'. Right click on the top of the tree and select 'Connect to another computer...' . Did you do *any* research at all before you posted this?


Well, Troll, it's been fun. See you next time :)


[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/166/20376#20376