RE: [OT] M$ collaborates with Suse

Most hosting facilities do allow FrontPage and/or FTP access...FrontPage
does allow SSL connections but few people set it up which is sad. FTP
is clear and is probably the most common way to allow access to M$
Websites, and no, there is no SSH default connection, which I totally
disagree with.

Remote Administration to an actual server can be done with a Terminal
Server Client (RDP) which is 128-bit encrypted on the login, 40-bit (I
believe but may be 128-bit as well) for the passing of the info/screen
shots but definitely not clear.

Secure Administration on the inside can be done with Scripting. Whether
you want to use VBScript or JScript but this is only on the inside
environment and not over the internet. If stuff like this needs to be
done I will set up an SSH server on my M$ Boxes and open the firewall to
allow SSH but assign it to a different port. There are several half
decent free SSH Servers out there for Windows and I like freeSSHd.

-----Original Message-----
From: Roberto C. Sanchez [mailto:roberto@xxxxxxxxxxxx]
Sent: Friday, November 10, 2006 9:41 AM
To: debian-user@xxxxxxxxxxxxxxxx
Subject: Re: [OT] M$ collaborates with Suse

On Fri, Nov 10, 2006 at 08:10:08AM -0500, Stephen Yorke wrote:

> M$'s OS is ready...if you want some WWW Sites or servers which you
> think you can hack or take down let me know and I will set up a couple
> and let you go at it. If you hack them, cool, tell me how I can better
> my security; if not, score one for M$ and let it be.
>
> Just remember this...your OS is only as secure as you are and if you
> do not know how to secure it you shouldn't be using it.

The main problem is that Windows' design facilitates bad security
practices. I agree that a competent admin can make a windows server
just as secure as anything else. However, if you set up a windows server
with IIS, what is the most likely method to let people get access to
their web space? Probably front page or ftp. Does front page use SSL?
I know for certain that ftp does not. If you set up a *nix server it is
trivial to give users sftp in lieu of ftp (and many GUI windows clients
which support ftp also support sftp).

What about secure administration? AFAIK, the remote administration
options for windows, including the offerings from Novell and others, all
operate in the clear. The presence of a real shell in *nix systems
allows me to do things like set up an ssh server, only allowing
shell access to specific users, restricting access to public keys only.
Then, on my admin workstation, I script what I need done, and then I can
trivially accomplish the tasks on multiple servers securely. Doing such
a thing is difficult, if not impossible, in the windows world.

The difficulty of being *very* secure in the windows world and still
being able to work is such that many admins take short cuts or reduce
security out of convenience. In the *nix world it is possible to be
very secure and still be able to work nearly as easily and conveniently
as if you are not secure at all.



Roberto C. Sanchez
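
The SSH setup described in the quoted message (shell access for specific users, public keys only) can be checked mechanically. The script below is an added example, not part of either message: it audits the global section of an OpenSSH `sshd_config`. The sample configs and the names `parse_global` and `audit` are constructed for illustration; the keywords are standard OpenSSH options.

```python
import re

# Constructed samples (not from the thread); HARDENED mirrors the setup described.
WEAK = "Port 22\nPermitRootLogin no\n"
HARDENED = """\
Port 2222
PasswordAuthentication no
KbdInteractiveAuthentication no
AllowUsers alice bob
Match User alice
    PasswordAuthentication yes
"""

DEFAULTS = {"passwordauthentication": "yes", "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}  # OpenSSH values when a keyword is absent
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def parse_global(text):
    """Return (settings, has_match) for the part of the file before any Match block."""
    settings, has_match = {}, False
    for raw in text.splitlines():
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.*)", raw.strip())
        if not m:
            continue  # blank line, comment, or keyword without a value
        key = ALIASES.get(m.group(1).lower(), m.group(1).lower())
        if key == "match":
            has_match = True
            break  # Match blocks are conditional overrides, not global settings
        settings.setdefault(key, m.group(2).strip().strip('"'))  # first value wins
    return settings, has_match

def audit(text):
    """List deviations from 'named accounts only, public keys only'."""
    cfg, has_match = parse_global(text)
    value = lambda k: cfg.get(k, DEFAULTS.get(k, "")).lower()
    findings = []
    # AuthenticationMethods made only of "publickey" forces key login by itself.
    methods = value("authenticationmethods").split()
    keys_only = bool(methods) and all(m == "publickey" for m in methods)
    if value("pubkeyauthentication") == "no":
        findings.append("pubkeyauthentication is off: keys cannot be used")
    for k in ("passwordauthentication", "kbdinteractiveauthentication"):
        if not keys_only and value(k) != "no":
            findings.append(f"{k} is not 'no': password logins are accepted")
    if "allowusers" not in cfg and "allowgroups" not in cfg:
        findings.append("no AllowUsers/AllowGroups: login is not limited to named accounts")
    if has_match:
        findings.append("Match block present: review its overrides by hand")
    return findings
```

`audit(HARDENED)` still reports the `Match` block, because a per-user override there can re-enable password logins even when the global section is strict.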