On Sat, 2006-04-01 at 11:19 -0600, Les Mikesell wrote:
> On Sat, 2006-04-01 at 10:28, Craig White wrote:
>
> > I hear people talk about the lack of security in Windows but it seems to
> > me, exposing a Linux system to the Internet with shell accounts and weak
> > passwords is far more insecure than a typical Windows system.
>
> There's about 50,000 reasons you are wrong, mostly in the form
> of windows viruses that attack the rpc and similar services.
> On windows you don't need the equivalent of shell access since
> you can do anything through the remote management console. As
> long as unpatched exploits exist (and they are still being
> found), passwords don't matter. Even without exploits, anything
> running with domain admin privileges can do anything/anywhere
> and if you don't have a domain the same is true for machines
> that share the same admin password. Thus even if the rpc,
> netbios, and http ports are firewalled, if you can get an
> admin to execute a trojan or open an email that auto-executes,
> you've got access to the whole network.
----
but Microsoft is learning - I suspect you haven't used a Windows 2003 server lately because they have made it painful to do web browsing. Your point does assume that one is actually using the computer to do web browsing and email and that would be plainly stupid on a Windows server that is exposed to the Internet.

On top of that, and clearly getting way off the subject, I make sure that all my Windows users are restricted accounts just because I don't have the time or the energy to continually clean up the mess that comes with running Windows as a privileged account.

I'm not stating that Windows is secure and poor administration techniques on any OS are going to get people into a world of hurt...I'm interested in raising the level of awareness for Linux users since their skill sets or lack thereof might actually impact the perception of others who don't understand and think that someone that knows how to access a shell are skilled computer administrators and we often see evidence that this isn't the case right here on the list.

Hence this thread - which evidently started as a warning to the users of this list, which upon the smallest amount of inspection demonstrated that the administrators of this system were their own worst enemies...no firewall system, no dmz, unnecessary shell accounts, weak passwords, poor ssh implementation, etc. Add them all together and you've got a compromised box where the system admin starts to blunder about blaming 'spoiled users' because of the simplified passwords.

This is the bottom line...if you are going to expose a system to the public...

- use a commercial firewall if you don't have a thorough understanding of what constitutes a firewall computer that you can assemble yourself. A firewall system should not have shell accounts, compilers, etc.

- put exposed servers in a DMZ if you care about the data on your LAN because a compromised system on your LAN should cause you to call in a full security audit which would be time consuming and expensive. Why subject your LAN to authorized use?

- investigate methodologies that don't require shell access. If all people need to do is upload documents, try using anonymous ftp and script a 'scrape' of the uploaded documents from the upload directory to be mailed/copied elsewhere. If that isn't feasible, write a php/perl/ruby html page that allows users to html upload files and does proper notification to users that file has been uploaded. Shell access is rarely ever needed on an exposed system.

- use a central authentication mechanism such as kerberos, LDAP, (or better yet, the combination of the two) where you can set up a password policy once and have it apply everywhere. If you are going to put shell access on publicly exposed systems, you must learn to require strong passwords, either by policy or by control.

- learn to configure ssh to block incessant attempts by others to break in - many such methods have been discussed on list.

Craig
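
The upload-directory 'scrape' suggested in the message above, sketched as an added example (not code from the original post or from the list). It is meant to run periodically, for example from cron; the directory names, the 120-second settle time and the function name `sweep_uploads` are assumptions made for illustration.

```python
import hashlib
import os
import re
import shutil
import stat
import tempfile
import time

UNSAFE = re.compile(r"[^A-Za-z0-9._-]")  # anything outside this set becomes "_"


def sweep_uploads(incoming, holding, min_age=120, now=None):
    """Move finished uploads from `incoming` to `holding`; return the new paths."""
    now = time.time() if now is None else now
    os.makedirs(holding, mode=0o700, exist_ok=True)
    moved = []
    for entry in sorted(os.scandir(incoming), key=lambda e: e.name):
        st = entry.stat(follow_symlinks=False)
        # Plain files only: symlinks, directories, FIFOs and devices stay put.
        if not stat.S_ISREG(st.st_mode):
            continue
        # A recent mtime may mean the client is still writing; retry next run.
        if now - st.st_mtime < min_age:
            continue
        digest = hashlib.sha256()
        # O_NOFOLLOW: refuse to read if the name was swapped for a symlink.
        with os.fdopen(os.open(entry.path, os.O_RDONLY | os.O_NOFOLLOW), "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        # The uploader chose the name, so treat it as untrusted input.
        clean = UNSAFE.sub("_", entry.name).lstrip(".")[:100] or "unnamed"
        target = os.path.join(holding, f"{digest.hexdigest()[:16]}-{clean}")
        shutil.move(entry.path, target)
        os.chmod(target, 0o600)  # no execute bits, not world-readable
        moved.append(target)
    return moved


if __name__ == "__main__":
    # Constructed sample: one finished upload and one still in progress.
    root = tempfile.mkdtemp()
    incoming = os.path.join(root, "incoming")
    os.mkdir(incoming)
    for name, age in (("report;rm -rf.txt", 600), ("partial.bin", 5)):
        path = os.path.join(incoming, name)
        with open(path, "wb") as fh:
            fh.write(b"sample")
        os.utime(path, (time.time() - age,) * 2)
    print(sweep_uploads(incoming, os.path.join(root, "holding")))
```

Keeping the holding directory outside the FTP root means nothing an anonymous client uploads can be read back or overwritten through the exposed service once it has been swept.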