On Fri, Nov 10, 2006 at 08:10:08AM -0500, Stephen Yorke wrote:
>
> M$'s OS is ready...if you want some WWW Sites or servers which you think
> you can hack or take down let me know and I will set up a couple and let
> you go at it. If you hack them, cool, tell me how I can better my
> security; if not, score one for M$ and let it be.
>
> Just remember this...your OS is only as secure as you are and if you do
> not know how to secure it you shouldn't be using it.
>

The main problem is that Windows' design facilitates bad security practices. I agree that a competent admin can make a Windows server just as secure as anything else. However, if you set up a Windows server with IIS, what is the most likely method to let people get access to their web space? Probably FrontPage or FTP. Does FrontPage use SSL? I know for certain that FTP does not. If you set up a *nix server it is trivial to give users sftp in lieu of ftp (and many GUI Windows clients which support ftp also support sftp).

What about secure administration? AFAIK, the remote administration options for Windows, including the offerings from Novell and others, all operate in the clear. The presence of a real shell in *nix systems allows me to do things like set up an ssh server, only allowing shell access to specific users, restricting access to public keys only. Then, on my admin workstation, I script what I need done, and then I can trivially accomplish the tasks on multiple servers securely. Doing such a thing is difficult, if not impossible, in the Windows world.

The difficulty of being *very* secure in the Windows world and still being able to work is such that many admins take shortcuts or reduce security out of convenience. In the *nix world it is possible to be very secure and still be able to work nearly as easily and conveniently as if you are not secure at all.

Regards,

-Roberto

--
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com
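The SSH setup described in the message above (shell access for named users only, public keys only) can be checked mechanically. The following is an added example, not part of the original post: a POSIX shell audit of the global section of an `sshd_config`. The function names, the sample configs and the user names `alice` and `bob` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. Checks the global section of
# an sshd_config for: public keys only, named users only.

# Print the first global value of keyword $2 in file $1 (sshd uses the first
# occurrence; keywords are case-insensitive). Simplification: parsing stops
# at the first Match block, and "Keyword=value" syntax is not handled.
sshd_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        tolower($1) == "match" { exit }
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Print one line per finding; return 0 if none, 1 otherwise.
audit_sshd_config() {
    cfg=$1 findings=0
    pw=$(sshd_value "$cfg" PasswordAuthentication | tr 'A-Z' 'a-z')
    pk=$(sshd_value "$cfg" PubkeyAuthentication | tr 'A-Z' 'a-z')
    users=$(sshd_value "$cfg" AllowUsers)
    # OpenSSH defaults when unset: both options are "yes".
    if [ "${pw:-yes}" != "no" ]; then
        echo "FINDING: password logins are enabled"; findings=1
    fi
    if [ "${pk:-yes}" != "yes" ]; then
        echo "FINDING: public key logins are disabled"; findings=1
    fi
    if [ -z "$users" ]; then
        echo "FINDING: no AllowUsers list is set"; findings=1
    fi
    return "$findings"
}

# Constructed sample configs (hypothetical user names), written to path $1.
write_weak_sample()     { printf '%s\n' 'Port 22' 'PermitRootLogin no' > "$1"; }
write_hardened_sample() {
    printf '%s\n' '# constructed sample' 'PasswordAuthentication no' \
        'PubkeyAuthentication yes' 'AllowUsers alice bob' > "$1"
}

demo_dir=$(mktemp -d)
write_weak_sample "$demo_dir/weak"
write_hardened_sample "$demo_dir/hardened"
audit_sshd_config "$demo_dir/weak" || echo "weak sample: review needed"
audit_sshd_config "$demo_dir/hardened" && echo "hardened sample: ok"
rm -rf "$demo_dir"
```

On a live host, `sshd -T` prints the effective configuration including defaults, which is a more reliable input than the file alone. Keyboard-interactive authentication and Match blocks are not checked here.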