Re: VMS cluster behind a *NIX firewall



In article <46B3275C.70509@xxxxxxxxxxx>,
"Richard B. Gilbert" <rgilbert88@xxxxxxxxxxx> writes:
Bill Gunshannon wrote:
In article <vwo3quDbQo$c@xxxxxxxxxxxxxxxxxxxxxxxx>,
koehler@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx (Bob Koehler) writes:

In article <1186097570.039629.170140@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>, Doug Phillips <dphill46@xxxxxxxxxxxx> writes:

Many of which run *nix, but are single-purpose appliances and who
cares what they run as long as they do the job.

Yes, but you can get those which aren't. (I know an entire
infrastructure protected by firewalls running on Solaris, I sure
hope they keep up the OS patch level.)


Why? There is no access to raw Solaris for outsiders to attack (unless
you are talking about homegrown firewalls rather than commercial offerings).
<snip>

Not true! Unpatched Solaris 8, 8, & 10 with Telnet enabled has a bug
which will allow an attacker to log in as "bin".

And you are assuming that the vendor would not gtell them to turn off
telnet. I have had telnet turned off on every server box of any kind
for years. I doubt any commercial firewall relies on telnet for access.


Solaris isn't as easy as Windows but it does have vulnerabilities!
There are a lot of things you can do to "lock it down" but it is by no
means "secure"!

You guys keep telling yourselves that. Meanwhile, Unix is still
growing market share and VMS is shrinking. Seems the rest of the
industry just doesn't seem to have as many problems with it as
the VMS community.

bill

--
Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves
bill@xxxxxxxxxxxxxxx | and a sheep voting on what's for dinner.
University of Scranton |
Scranton, Pennsylvania | #include <std.disclaimer.h>
.