[TriLUG] OT: USA Patriot Act II

Stephen P. Schaefer sschaefer at acm.org
Sun Feb 9 22:26:28 EST 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ah, but the ability to filter *is* there, at least in Windows 2000
server.  The problem is, Microsoft uses a gibberish vocabulary to
describe what it does, and I was unable to find comprehensible
documentation.  All I know is that, as soon as I turned it on, almost
all network traffic stopped moving.  It is, of course, an elaborate GUI
with bountiful help screens that repeat the labels on the gruntboxes in
full sentences.  After fruitless google searches, I gave up and
implemented my security policy on a Cisco router using their ACL's.  I
claim authority to declare M$'s vocabulary gibberish: I've got ten years
doing firewalls on Cisco, Checkpoint FW-1, Darren Reed's IP Filters,
ipchains, and iptables.  There is perhaps someone who can make that
stuff work, but not any of the Windows administrators I know - and I've
known some decent ones.  Given all the other tools available, I've never
felt compelled to spend thousands of dollars to learn this amateur
obfuscation of straightforward IP filtering.

Microsoft, of course, can blame their customers.

~    - Stephen

Greg wrote:

|>I wonder what the DoJ thinks about Open Source?  Do you think they have a
|>list of all participants in OS lists?
|>
|
|I don't know if the government knows about all the participants on a
|particular OS list (and I"m 100% positive that many lists are monitored
|- at least via programs that try to gather data and present that
|information statistically).  
|
|Anyway, the Department of Homeland Defense is very interested in what is
|going on with the Open Source movement.  There was a large push last
|year to figure out just exactly where Open Source is in use in the DOD
|(and government as a whole), what it is being used for, and why.  The
|information, at this point, is considered to be "sensitive but not
|classified" but I wouldn't be surprised if it does end up classified
|because everything else seems to be these days.
|
|Anyway, what I can tell you regarding Open Source in the government
|space is many, many, many people are very hot under the collar about the
|Slammer worm and there are now questions like "why isn't iptables, or
|something like it, built into the NT kernel so I can globally filter out
|a specific port on every workstation?" to which my answer is "it
|wouldn't be iptables or anything like it that would be implemented under
|NT.  It would be iptables++, or myPacketFilter, which would have holes
|built into it so your machine would be enabled for proprietary
|communication with the holders of the source code patents, hence the
|packet filter would be useless.  Only when a specific company does not
|benefit directly from security software will we ever have an effort to
|code and implement a truly secure system on the operating system
|level".  I try not to roll my eyes when I say things like this.  
|
|The good news is that while Linux might not gain greater market share
|this year or even next I do believe that eventually we will see larger
|adoption of Open Source products, or BSD variants, in the Government.
|
|Time will tell.  
|
|Greg
|
|
|_______________________________________________
|TriLUG mailing list
|    http://www.trilug.org/mailman/listinfo/trilug
|TriLUG Organizational FAQ:
|    http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE+RxvkV//0pa9oOLcRAhk4AKC2lyGjqukkpFp4H3InVyzeWgxgAQCeMSU9
LvV1jHdpZPqxPrWJ8UXJAnY=
=3Jh5
-----END PGP SIGNATURE-----





More information about the TriLUG mailing list