Firewall Wizards mailing list archives

RE: Worms, Air Gaps and Responsibility

From: "Mark Gumennik" <mgumennik () mitre org>
Date: Mon, 10 May 2004 14:07:49 -0400



-----Original Message-----
From: R. DuFresne [mailto:dufresne () sysinfo com] 
Sent: Monday, May 10, 2004 1:42 PM
To: Mark Gumennik
Cc: Paul D. Robertson; Devdas Bhagat; firewall-wizards () honor icsalabs com
Subject: Re: [fw-wiz] Worms, Air Gaps and Responsibility

If we counted each and every addon app under windows, like the counts that
are done for linux, then the numbers would reflect the problems that
windows systems and the application folks use under tthat OS.  Now what is
Linux and what should be counted as a vuln against it?  Should we only
count what is in the kernel and perhaps the modules that folks can decide
to use?  Or do we count each and ever package that might be added in?  Not
all linux installs of course require a web server, or dns/bind.  Many do
not even include or require X.  Watch how you read these vuln reports in
the major media channels, and even on good ole bgtrack, they are slanted
to make MS and redmond look sweeter these days <smile>.[0]
))))))))))))))))))))))

Ron,
This is exactly my point:
If you want to put LINUX on the DESKTOP you have to use all the bells and
whistles which makes vuln. on it equal to MS

Mark G

PS I'm glad I made such a splash, how wonderful it'd be to go back to the
world were the knowledge of 25-30 network commands made us all look sacred.
Speaking of LDAP , Kerb and other tools : obviously the use of them makes us
look much better than such earthy things as MS AD or Novell NDS where all
this staff is already built-in FOR THE DESKTOPS (not for the  remote AAA).
To entertain you even more: a  little quiz for the experts (please quiz
yourself, don't send me responses, I won't grade them :-): How many servers
are involved in Kerberos communications? How many messages are sent back and
force before the actual authentication? Can you name at least 10% of them?
Good luck


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Re: Worms, Air Gaps and Responsibility, (continued)
- - - Re: Worms, Air Gaps and Responsibility Paul D. Robertson (May 08)
    - RE: Worms, Air Gaps and Responsibility Mark Gumennik (May 11)
    - RE: Worms, Air Gaps and Responsibility Paul D. Robertson (May 11)
    - AIX LPAR security hermit921 (May 25)
    - Re: AIX LPAR security Paul D. Robertson (May 25)
    - Re: Worms, Air Gaps and Responsibility Devdas Bhagat (May 11)
    - widnows vs unix and security Re: Worms, Air Gaps and Responsibility ArkanoiD (May 12)
    - RE: Worms, Air Gaps and Responsibility Gwendolynn ferch Elydyr (May 11)
    - Re: Worms, Air Gaps and Responsibility Gwendolynn ferch Elydyr (May 10)
    - Re: Worms, Air Gaps and Responsibility R. DuFresne (May 10)
    - RE: Worms, Air Gaps and Responsibility Mark Gumennik (May 10)
    - RE: Worms, Air Gaps and Responsibility Paul D. Robertson (May 10)
    - Re: Worms, Air Gaps and Responsibility Devdas Bhagat (May 10)
    - Re: Worms, Air Gaps and Responsibility Adam Shostack (May 10)
    - RE: Worms, Air Gaps and Responsibility Gwendolynn ferch Elydyr (May 10)
    - Re[2]: Worms, Air Gaps and Responsibility Paul Van Noord (May 07)
    - Re[2]: Worms, Air Gaps and Responsibility Marcus J. Ranum (May 07)
    - Re[2]: Worms, Air Gaps and Responsibility Eric Maiwald (May 07)
    - Re: Worms, Air Gaps and Responsibility Vinicius Moreira Mello (May 10)
    - Re: Worms, Air Gaps and Responsibility Bret Watson (May 10)
    - Re: Worms, Air Gaps and Responsibility Gwendolynn ferch Elydyr (May 10)

(Thread continues...)