Can someone explain this to me 916
 |
That's a function of the design of the environment. IMO it is a totally misdesigned environment; furthermore if such an environment is *really* necessary, then the administrators are security-conscious enough to not even *think* about installing a Microsoft OS.
On Sun, 20 Feb 2005 10:31:10 -0800, Daeron Daeron is a bi-polar nutcase who refuses to take his...
MS (and you) like to cream their pants over their security clbuttification, but how many NT machines are actually deployed in situations where such a clbuttification is necessary? I suspect this number is negligible. At which moment several monitors go off and an administrator is paged immediately. In a high security environment you'll also have an admin handy doing 24-7 monitoring, or at least someone available to react immediately on a monitor sounding an alarm.
For those of you new to COLA or just pbutting through ... Flatfish is an obsessive compulsive who has been stalking COLA for years. As to why he has become fixated on COLA we...
Can't do that. As soon as the logs show a service interruption, any admin is going to do some forensics. And since the loghost has the logs of all that went on before the interruption, they'll have at least a trace to the break-in. If the architecture is properly multiple-redundant there is even the possibility to take the machine off-line, dup the harddisk and do a proper forensic investigation on the duplicate (after sealing the original as police evidence).
Here you go Mr. Evil Hacker: you get to penetrate the outer defences of an organisation, but you leave enough trails for a police investigation. Ending in jail is *quite* probable.
That machine failure is going to look mighty suspicious if there are traces of a break-in before the interruption. And you may not know it, but the logs from a *nix machine are quite a bit more detailed than the NT Event Viewer, even discounting the possibility that all outward facing services log at a higher debug level.
And I maintain that this sounds as a justification after the fact. The downsides of MS' file locking scheme outweigh the potential security benefit by such a magnitude that I can do nothing but conclude that this 'feature' is misdesigned.
Mart
BSA in open (standards) revolt Lucy Sherriff Feb 18 2005 The BSA has called on the European Commission to relax its requirement for open standards .. .. Benoit MŸller .. said that the EC's...
-- "We will need a longer wall when the revolution comes." --- AJS, quoting an uncertain source.