RE: [OT] M$ collaborates with Suse



Most hosting facilities do allow FrontPage and/or FTP access...FrontPage
does allow SSL connections but few people set it up which is sad. FTP
is clear and is probably the most common way to allow access to M$
Websites and no there is no SSH default connection which I totally
disagree with.

Remote Administration to an actual server can be done with a Terminal
Server Client (RDP) which is 128-bit encrypted on the login, 40-bit (I
believe but may be 128-bit as well) for the passing of the info/screen
shots but definately not clear.

Secure Administration on the inside can be done with Scripting. Whether
you want to use VBScript or JScript but this is only on the inside
environment and not over the internet. If stuff like this needs to be
done I will setup an SSH server on my M$ Boxes and open the firewall to
allow SSH but assign it to a different port. There are several half
decent free SSH Servers out there for Windows and I like freeSSHd.

-----Original Message-----
From: Roberto C. Sanchez [mailto:roberto@xxxxxxxxxxxx]
Sent: Friday, November 10, 2006 9:41 AM
To: debian-user@xxxxxxxxxxxxxxxx
Subject: Re: [OT] M$ collaborates with Suse

On Fri, Nov 10, 2006 at 08:10:08AM -0500, Stephen Yorke wrote:

M$'s OS is ready...if you want some WWW Sites or servers which you
think you can hack or take down let me know and I will setup a couple
and let you go at it. If you hack them cool tell me how I can better
my security if not score one for M$ and let it be.

Just remember this...your OS is only as secure as you are and if you
do not know how to secure it you shouldn't be using it.


The main problem is that Windows' design facilitates bad security
practices. I agree that a competent admin can make a windows server
just as secure as anything else. However, if you setup a windows server
with IIS, what is the most likely method to let people get access to
their web space? Probably front page or ftp. Does front page use SSL?
I know for certain that ftp does not. If you setup a *nix server it is
trivial to give users sftp in lieu of ftp (and many GUI windows clients
which support ftp also support sftp).

What about secure administration? AFAIK, the remote administration
options for windows, including the offerings from Novell and others, all
operate in the clear. The presence of a real shell in *nix systems
allows me to do things like setup an ssh server, only allowing allowing
shell access to specific users, restricting access to public keys only.
Then, on my admin workstation, I script what I need done, and then I can
trivially accomplish the tasks on multiple servers securely. Doing such
a thing is difficult, if not impossible, in the windows world.

The difficulty of being *very* secure in the windows world and still
being able to work is such that many admins take short cuts or reduce
security out of convenience. In the *nix world it is possible to be
very secure and still be able to work nearly as easily and conveniently
as if you are not secure at all.

Regards,

-Roberto

--
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com



Relevant Pages

  • Ftp over activesync
    ... now the problem could come from activesync 4.5 and windows ce 5.0 or it's ... computer and retrives some files from the FTP server. ...
    (microsoft.public.windowsce.app.development)
  • Re: FTP Setup in WIndows 2000 help
    ... Thank you for responding Bernard. ... The more I use Win2k Server the more I realize I am no IT guy... ... So FTP is still not working and now I seem to have broken forms on the ... to set up a basic login FTP service on a Windows ...
    (microsoft.public.inetserver.iis.ftp)
  • Re: Folder sharing and ZA
    ... rather than have a shared folder you could set up either an FTP ... server or Web server on your machine. ... but be aware that regular FTP isn't very secure - passwords can be ...
    (comp.security.firewalls)
  • Re: DB2 queries without using MF.
    ... That Windows data cannot be adequately secured is a canard. ... well now we know how secure the the links are just wonder how the 37 *MILLION* credit card numbers that got stolen... ... Don't confuse the desktop PC with the server. ... I have experienced an auditor trying to do his job and he is twarted at every turn. ...
    (bit.listserv.ibm-main)
  • Re: OpenSSH Windows Security
    ... SFTP is typically defined as using an SSH capable FTP client to connect ... It uses the "native" commands on the server to provide ... (does Tuxcmd have a Windows port)? ...
    (alt.computer.security)