Re: [WinMac] unix/ nt security diffs?

bartosh@apple.tamu.edu
Tue, 18 May 1999 23:58:53 -0500 (CDT)

On Tue, 18 May 1999 CHoogendyk@aol.com wrote:

>
> In a message dated 5/17/99 1:34:07 PM, bartosh@apple.tamu.edu writes:
>
> >I am looking for a web page or something detailing differences
> >between the unix security model and NT's.
> >
> >One of my jobs is helping a Department here plan and integrate OS's
> >into the resource/support strategy, and a minor research group has
> >decided they want to use nt.
>
> Are you looking for user access or security?

User access.

>
> If you have the latest NT and the latest Unix, the access controls on a file
> might be fairly similar. But that just scratches the surface of security
> issues. You could take a 5 day (40 hour) course on either Unix or NT security
> and it would just be a primer. Since I'm at home and not at work, I don't
> have my bookmarks, but there is an excellent site at purdue that is a focal
> point for security issues. You can jump off from there to a large number of
> other interesting sites. They will point you to virus sites, hacker sites,
> software sites for third party security, etc.
>
Fairly familiar with Uni*, but is seems like nt's model (from reading) has
all the security based on directories... ie you can list, write to, modify
members, or read members, etc, instead of Uni* where you have rwx on the
directory and every file.

The concept of groups seems slightly more signifigant in nt than in unix,
and nt's whole file permission model, from what I am reading in the
O'Riley annoyances book, seems sort of silly and a lot less flexible.

The only things I have ever gone in depth on with nt though are SFM and
printing, so I wanted to get some first hand feed back before I go into a
testing situation around the first of June.

> If you look at Unix, you can start with controlling who can access what
> files. Then you can look at authentication issues, protecting root access,
> password quality, shadow password files, secure socket layer, encryption,
> closing off back doors, .... (I have a 2.5" thick book on Unix and Network
> Security.
>
> If you look at NT, similar story but all the details are different. To really
> secure an NT workstation, you have to get into all kinds of registry edits or
> third party security software. My gut sense is that a Unix system is easier
> to really secure than an NT system.

Mine as well, but like I said I am asking for opinions of those more
versed than I before I begin testing.

>
> Just as an example, our public NT workstations in the university library seem
> to get hacked fairly regularly in spite of man months of work spent on trying
> to develop a secure system. We end up simply re-Ghosting a station when it
> gets messed up. (Ghost [now owned by Symantec/Norton] basically reformats the
> drive and copies a disk image over the network, then adjusts the SIDs, IPs,
> etc.)
>
> Well, I feel like I'm ranting on without really knowing what you are after.
>
> If you could ask some more specific, pointed questions based on what I have
> said already, I might try again -- or someone else will chime in.

Basicly am interested in basic permissions model- is what I have stated
above correct?

>
> Chris Hoogendyk
> Network Specialist
> UMass Library, Amherst
>
> Managing Novell, NT and Unix servers from my desktop Macintosh G3.
>
> * Windows-MacOS Cooperation List *
>
>
>

* Windows-MacOS Cooperation List *

This archive was generated by hypermail 2.0b2 on Tue May 18 1999 - 21:59:47 PDT