A Z (arek_z@yahoo.com)
Wed, 24 Feb 1999 19:13:37 -0800 (PST)
---"Mr.P" <mrp@powersource.eu.org> wrote:
>
> On Tue, 23 Feb 1999, Curt Sampson wrote:
> > On Tue, 23 Feb 1999, Mr.P wrote:
> > > I can take NT and make it wide-open to
> > > attacks (hell, that's how it shipped out of the box - NetBIOS anyone?)...
> > > does it make it insecure? No; it's got the DOD C2 security rating....
> > Uh...I must profess to be mystified by this statement. First, if
> > you've got the NT box connected to a network, it can't be certified
> > C2. Second, you must have some different meaning of `secure,'
> > because if someone can easily get into the machine, it's not `secure'
> > in my sense of the word regardless of how you want to define that
> > term.
>
NT 4 is _not_ C2 certified. It is still going through the process. I
believe NT 3.51 (w/ SP3?) is considered...Many security "experts"
disagree with that though.
> I take "secure" to mean "as secure as the OS allows". In this way, I don't
> view system security on a system-by-system basis,
I agree. It's _not_ the OS (in general), but the administrator that
configs and oversees the network.
> exactly what C2
> certification means.
It's a gov standard of security...www.microsoft.com/security (sorry
for the sad site...probably others. I just had to look up what stage
M$ was for the C2 process)
> NT machine (<=
> SP4) to gain administrator access on www.l0pht.com. I'm not sure as to
> what conditions must exist for this attack to work (I haven't visited the
> page).
>
There are many exploits for NT, as well as *ix though.
many web pages...just one of them www.rootshell.com
> > Generally you'd also have all the users who are all
> > > However, I do agree with you in that inexperienced admins should probably
> > > not run Linux until they know what's going on.
> > I don't see any reason why they shouldn't, if they're going to run
> > something. An inexperienced admin's system is likely going to
> > succumb to a decently skilled hacker, or someone with a decently
> > built rootkit, whether it be an NT or Linux system
Basically no network is safe. Security is a false state. There are
degrees of security though. Saying that something is 100% safe (or
uncrackable, DES...yeah, right. In 22 hours it was cracked) would be
incorrect. So saying that a network can be "succumb to a decent
skilled hacker" is a given.
-arek
This archive was generated by hypermail 2.0b3 on Wed 24 Feb 1999 - 19:20:03 PST