RE: Worms, Air Gaps and Responsibility

[Gwendolynn ferch Elydyr <gwen () reptiles org>]

On Mon, 10 May 2004, Mark Gumennik wrote:
> This is exactly my point:

Uh... is it? The last time your point seemed to be that you:

        (1)     Need 5x more administrators to run Linux rather than Windows
        (2)     Can't handle AAA on Linux
        (3)     Are deeply suspicious of non-US governments

... so now we've suddenly shifted topics.

> If you want to put LINUX on the DESKTOP you have to use all the bells and
> whistles which makes vuln. on it equal to MS

That's quite a leap of logic you're making.  You've basically gone:

        (1)     Put Linux on the desktop                        [statement]
        (2)     Install bells and whistles                      [presumption]
        (3)     Linux is as vulnerable as Microsoft     [conclusion]

In order for this to hang together in any respect, you'll need to provide
something in place of step (2) that's proveable.  The more normal way to
go about roling out -any- platform is:

        (1)     Establish the task(s) to be performed
        (2)     Identify appropriate tools(s)
        (3)     Setup environment

Now - you'll notice that this doesn't involve "install bells and whistles".
In fact, it involves "install what is needed to acomplish task(s)".  I'd
recommend that you read "The Practice of System and Network Administration"
by Tom Limoncelli and Christine Hogan, which describes the process of
creating a stable, administrable environment - whatever the OS may be.

> PS I'm glad I made such a splash, how wonderful it'd be to go back to the
> world were the knowledge of 25-30 network commands made us all look sacred.

Hrm. No, not a splash ;> I'm glad that the other folks that I know at
Mitre aren't at your level.

> Speaking of LDAP , Kerb and other tools : obviously the use of them makes us
> look much better than such earthy things as MS AD or Novell NDS where all
> this staff is already built-in FOR THE DESKTOPS (not for the  remote AAA).

Uh... you -really- need to familiarize yourself with Linux/unix before you
start spouting off.  It's embarassing.

> To entertain you even more: a  little quiz for the experts (please quiz
> yourself, don't send me responses, I won't grade them :-): How many servers
> are involved in Kerberos communications? How many messages are sent back and
> force before the actual authentication? Can you name at least 10% of them?

You -do- know that AD uses Kerberos, right?

cheers!

[0] Please - no need to shout. "Linux" is correct usage.
==========================================================================
"A cat spends her life conflicted between a deep, passionate and profound
desire for fish and an equally deep, passionate and profound desire to
avoid getting wet.  This is the defining metaphor of my life right now."

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards