[Snort-users] Still Help Needed: i want to make a firewall

Robert Reid rreid at ...7835...
Thu Apr 17 07:53:10 EDT 2003


I've been running public NT boxes for years and have never had one
compromised.

I run everything from firewalls (FW1 and ISA) to Web servers (IIS 5.0, 6.0),
FTP servers, Terminal servers, etc etc.

I have a hand in literally hundreds of publicly exposed NT/2000/.NET
machines, all watched over by Snort and various other intrustion detection
methods.

Windows can be made VERY secure, I have had boxes audited by some of the
best security people in the business, and come up completely clean.

The point im trying to make is, if you are a professional who works with
Windows and you know your stuff, servers and workstations can be built to be
almost bulletproof and easily as secure as a comparable *NIX.

If you take the time to understand Windows security, you will learn its
flexible, fairly easy to configure, and with tech like AD, GPO's, and
security templates, security configuations can be easily duplicated to large
amounts of boxes at a time.

I firmly believe that most times a machine is compromised, it's the Admin
that's getting hacked, not the OS.

Cheers


-----Original Message-----
From: Rich Adamson [mailto:radamson at ...2127...] 
Sent: Thursday, April 17, 2003 9:26 AM
To: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Still Help Needed: i want to make a firewall



> Agreed whole heartedly. Although properly securing a windows box is 
> just as
> complex a problem as properly securing a unix server, it's not impossible.

> The only degree to which it is worse is the absolutely horrid history of 
> exploits to IIS (not that Apache is any better).
> 
> I certainly would question the wisdom of running snort on a NT box 
> that
> sits outside your firewall and runs IIS on the external interface. But I'd

> also question the wisdom of doing the same thing with a Linux box running 
> Apache, bind, ssh, or sendmail on the external interface. 

We've worked with corporations in 40+ states as independent network
performance and security consultants. In the past 18 months or so, we've
seen many small to medium size companies discontinue their Linux/BSD systems
(replaced with Win2k boxes) due to staff training and internal support
costs; had nothing to do with capabilities, performance or security.
(Personally don't 
care, we run NT, Win2k, multiple Linux versions, Sun, etc.)

Several of these clients have NT and Win2k servers directly on Internet
segments, and after multiple years of exposure, have not been compromised as
yet. On the flip side, one client's hardened BSD box (with current 
patches) was compromised and a root kit installed. Regardless of OS, 
security is still an issue of understanding/knowledge/experience and 
applying it to whatever system that's in use. Any missed steps in the
process can obviously create a problem.

An interesting exercise for those that would like empirical data: count 
the number of security alerts by OS in any reasonably complete database.
Every OS needs about the same level of attention.

Rich




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf _______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list