Tuesday, January 19, 2010

Platform Vs. Knowledge

The timeless debate continues to rage on, with the latest MS attack pouring gasoline on the platform fight: Microsoft vs. Linux vs. Apple.

It seems that people continue to believe that their company (or they themselves) are better protected on one platform than another. The common assumption is that Microsoft platforms (Server, workstation and applications like IE) are attacked more than the others. Let's look at the latest figures from the good folks at Secunia to get a better read on how vulnerable these operating systems actually are:

Linux (Ubuntu 8.04): 75 advisories
Linux (Ubuntu 9.04): 105 advisories
Linux (Debian GNU/Linux 4.0): 587 advisories
Microsoft Windows 2000 Server: 247 advisories
Microsoft Windows 2003 Server: 231 advisories
Apple Mac OS X: 138 advisories
AIX 6.x: 32 advisories

So, not to get too lost in the numbers, but one glaring thing pops out to me: They ALL have vulnerabilities! In fact, I would be willing to bet that if AIX had a bigger install base, its numbers would be much higher.

Now, regardless of what platform is being run, here's my question... Assuming you're looking at these as file servers (I know... Ubuntu is better for the desktop, regardless...), why on Earth should ANY of these platforms be accessing a Korean/Chinese/Utah IP address over port 443 or port 80 on its own? Better yet... Why are they ALLOWED to access anything over port 80 or 443? Does your policy allow administrators to browse the web from the servers?

Even better and trickier: If they are file servers, why would they require access to an External DNS server?

Can a firewall block malicious "zero day" traffic from reaching DNS, HTTP or HTTPS services on the Internet while still allowing "good" traffic over those same ports? Nope! So you need to start looking at the network ports that are absolutely required and deny those that are not, both into (ingress) and out of (egress) your corporate network.
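To show what that policy looks like once it is written down and checked against real traffic, here is an added example (my own illustration, not something from the original post) that takes a few constructed connection-log lines and flags any file server that reaches out on DNS, HTTP or HTTPS, or to any destination not on its short egress allowlist. The file-server addresses, the allowlist entries and the log format are all assumptions made for the example.

```python
import ipaddress
from typing import NamedTuple

# Hypothetical file servers and the ONLY egress they need: internal DNS and the
# domain controller (LDAP/Kerberos). Everything else is a policy violation.
FILE_SERVERS = {"10.0.5.10", "10.0.5.11"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]
ALLOWED_EGRESS = {("10.0.1.53", 53), ("10.0.1.5", 389), ("10.0.1.5", 88)}
WATCH_PORTS = {53, 80, 443}  # the ports the post asks about: DNS, HTTP, HTTPS

class Flow(NamedTuple):
    src: str
    dst: str
    dport: int
    proto: str

def parse_line(line: str) -> Flow:
    """Constructed log format: '<timestamp> <proto> <src>:<sport> -> <dst>:<dport>'."""
    _, proto, src, _, dst = line.split()
    src_ip, _ = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return Flow(src_ip, dst_ip, int(dst_port), proto)

def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def egress_violations(lines):
    """Return the flows where a file server initiates a connection it should not need:
    anything leaving the internal nets, or DNS/HTTP/HTTPS to any host not allowlisted."""
    hits = []
    for line in lines:
        flow = parse_line(line)
        if flow.src not in FILE_SERVERS or (flow.dst, flow.dport) in ALLOWED_EGRESS:
            continue
        if not is_internal(flow.dst) or flow.dport in WATCH_PORTS:
            hits.append(flow)
    return hits

# Constructed sample traffic (RFC 5737 documentation addresses stand in for the Internet).
SAMPLE_LOG = [
    "2010-01-19T10:00:01 udp 10.0.5.10:49152 -> 10.0.1.53:53",    # internal DNS: fine
    "2010-01-19T10:00:02 tcp 10.0.5.10:49153 -> 203.0.113.7:443",  # server 'browsing' out: flag
    "2010-01-19T10:00:03 udp 10.0.5.11:49154 -> 198.51.100.2:53",  # external DNS: flag
    "2010-01-19T10:00:04 tcp 10.0.5.11:49155 -> 10.0.1.5:389",     # domain controller: fine
    "2010-01-19T10:00:05 tcp 10.0.7.20:49156 -> 203.0.113.7:80",   # a workstation, not in scope
    "2010-01-19T10:00:06 tcp 10.0.5.10:49157 -> 10.0.1.5:80",      # HTTP not on allowlist: flag
]

if __name__ == "__main__":
    for hit in egress_violations(SAMPLE_LOG):
        print(f"egress violation: {hit.src} -> {hit.dst}:{hit.dport}/{hit.proto}")
```

The same allowlist is what the egress rules on the firewall should encode; the script just makes the gap between policy and observed traffic visible.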

Switching platforms may be a very short-term fix (and, in my opinion, nearly impossible in the corporate workplace), but in the long run nothing beats good old knowledge: knowing that all platforms are vulnerable to various exploits, and knowing your application systems and what services they absolutely require in order to meet business requirements.

Back with more...

Graham Thompson, CISSP
http://www.miw.ca/