Security

10 things you can do to improve network and PC security

Securing your network and PCs is a never-ending battle. Here are some effective strategies to add to your arsenal.

Security. It's that which drives some administrators to early retirement, gray hair, or a permanent room in a padded cell. Okay, that's an exaggeration... but you get the idea. Security is tops on most every administrator's list. And with good reason. Incomplete or poor security can bring down a company's network and/or computer resources. That equates to lost work, which affects bottom line.

Administrators must do all they can to ensure the security of their networks. But for some (especially those without the financial resources), just knowing where to start and what to use is the biggest challenge. With that in mind, I thought I'd lay down 10 tools and methods to help you arrive at better network/PC security.

1: Use Linux

I can already hear the groans from the gallery, but the truth of the matter is, you will cut down on PC security issues if you begin migrating at least some of your desktops to Linux. The best way to do this is to migrate users who don't require the use of proprietary, Windows-only applications. If you use Exchange, just make sure you set up OWA so that the Linux users can access Web mail. Migrate a quarter of your desktops to Linux and that's a quarter fewer security risks you'll have to deal with.

2: Block users from installing software

I've had to deal with companies that do this. Yes, it can be a pain when users actually need a piece of software installed (you'll have to visit their offices just to enter the administrator credentials), but the dividends it pays off are significant. You'll have far fewer viruses and less malware to deal with than you would if the users were allowed to install at will. The give and take is certainly worth it here.

3: Upgrade your antivirus

I'm always shocked when I see antivirus tools that are out of date. This goes for applications and virus definitions. When dealing with the Windows platform, it's crucial to keep everything as current as you possibly can. Keeping antivirus up to date is the only way to help protect vulnerable machines from malicious software and files.

4: Switch your browser

Not to stir up the mud, but the truth of the matter is simple: Internet Explorer is still an incredibly insecure browser. One of the best things you can do is migrate your users from IE to Firefox. Yes, Firefox may be getting a bit bloated, but it's still far more secure than the Windows counterpart.

5: Disable add-ons

Browsers and email clients make use of add-ons. Some are necessary for work -- some are not. Those that aren't needed should not be used. Although some add-ons offer some handy features, it's not always possible to ensure the validity or security of an add-on. And even when you can, it's not always a given that the add-on won't affect the performance of the machine. I've seen plenty of Outlook, IE, and Firefox add-ons drag a machine to a screeching halt.

6: Deploy a hardware-based firewall

Let's face it: The built-in Windows firewall is simply not sufficient. If you want real security, you need a dedicated firewall on your network. This firewall will be a single point of entry that will stop many more attempted breaches than the standard software-based firewall will. Besides, the hardware-based fire will be far more flexible and customizable. Look at a Cisco, Sonicwall, or Fortinet hardware firewall as your primary protection.

7: Enforce strict password policies

For the love of all things digital, don't let your end users control their password destiny. If you do this, you'll wind up with accounts and systems protected with "password", "1," or worse -- nothing at all. Make sure all passwords require a combination of upper/lowercase, numbers and letters, and special characters. While you're working on password policies, be sure you enforce a rule that passwords must be changed every 30 days. It's an inconvenience, but it's worth the security it brings.

8: Do not share networked folders with "Everyone"

Although it's tempting (especially when you can't figure out why a user can't access a folder), do NOT give the Everyone group access to a folder. This just opens up that folder to possible security issues. If this becomes an absolute necessity, only do it temporarily. For security's sake, spend the extra time troubleshooting why that user can't access the folder, instead of just giving Everyone full access.

9: Use network access control, like PacketFence

PacketFence is one of the most powerful NAC tools you will find. With this tool, you can manage captive-portal for registration and remediation, and you have centralized wired and wireless management, powerful guest management options, 802.1X support, layer-2 isolation of problematic devices, and much more. With this system on your network, you can rest assured that rogue devices will have a much smaller chance of connecting.

10: Use content filtering to protect from malware

I'm not a big fan of posing as Big Brother, so I don't advocate too much content filtering. I do, however, believe it's valid to use content filtering to prevent malware. There are obviously certain phrases, keywords, and URLs that can and should be filtered, based on their history of causing malware. I won't post the best keywords to filter for malware, as those words might land me in trouble. Just do a simple search for keywords associated with malware.

Other tips?

Securing your network and PCs is a constant battle. But with the right tools and strategies, your network can be a much safer arena for productivity. Give a few of these options a look and see if they offer the missing pieces needed to further secure your environment.

What security measures do you take to safeguard your organization? Share your ideas with fellow TechRepublic members.

About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.

103 comments
jcitron
jcitron

so get rid of the users. I wish it was that simple. The users are the ones that cause the problems for themselves and the networks by opening the doors for the malware and hacks to come in. No matter what kind of work we do on the back end, this little crack in the infrastructure will allow the bugs in. To help mitigate this problem, we need to educate the users by making them aware of the implications of poor computer habits and to be on the look out for such things as phishing emails and other blatent attacks. Unlike Jack and some other people here, many of us have to use Windows and Internet Explorer by default due to the types of applications that the user needs. Oracle's Siebel CRM on Demand for example uses ActiveX plug-ins. This will not work in Firefox or Chrome, so that means the user has to use IE for this application. Since they're using IE for one thing, they'll use it for all their browsing. Linux and Solaris are out because of their need for MS Windows. There are VB Scripts and application plug-ins written strictly for MS Excel. This too precludes using anything else including Open Office which is our default office suite where I work. I could go on, but the main point is we can do this alone and hope that the little fence around the garden will keep the critters at bay. We need the people that live in the garden to cooperate with us to make it work.

chdchan
chdchan

Making those secret things less shareable will result in lesser probability of leakage. I think future versions of OS should incorporate security features of non-shareability and access auditing.

az-henry
az-henry

I will put it simpil I have spent a long time in fixing computers with infections I find far more infections in computers that are using fox or crom then I find in computers using IE as well as NSS labs had an interesting Intrusion testing on Browsers. Thank you for your time.

barnesc
barnesc

Excellent article! I have just spent the last week cleaning up a small business that had virus and malware all over their machines, it was so bad that I had to rebuild most machines used by people, the only ones I did not have to touch were a couple of machines that just run services. The company was using Exchange 2003, so I put in some Real Time Blacklists on Exchange to reduce the spam and rubbish. I was not able to implement Linux, but absolutely agree that Linux is the way to go, I myself have always been MS but have taught myself Linux of lately and see the security advantages. I intend to move the business I mentioned above onto a Linux Server after I get them off Exchange and move their mail into the cloud.

glnz
glnz

Very happy to have Firefox both at home and at work, with X-Marks syncing bookmarks between them, but which add-ons do you recommend for security, and which add-ons are the most dangerous and must be avoided? FYI, my Firefoxes have NoScript, Adblock Plus, Better Privacy and Perspectives, but they also have one or two add-ons for right-clicking and opening in an IE tab.

333239
333239

"One of the best things you can do is migrate your users from IE to Firefox. Yes, Firefox may be getting a bit bloated, but it’s still far more secure than the Windows counterpart." Or maybe not?: http://www.bbc.co.uk/news/technology-19909106 Again, no basis or evidence to support your conclusion, just hearsay.

wbaltas
wbaltas

Apply patches, to all software, on a regular basis. Patches issued for a variety of reasons, and one of the most important is to plug security holes.

mrjohnpro2
mrjohnpro2

Can't beat Sandboxie for solid security. Jp

pdr5407
pdr5407

I think that if you have a small business than setting up client workstations to have standard user permissions is one of the best points on this list. The point about updating and running antivirus scans is also up there. Two other important security steps to take with a business is keeping all the client's windows updates current and to use a filtering DNS service like opendns on the router.

cxturbo56
cxturbo56

DL what rock have you beening hiding under?? People only make such statements when that they know better.. When the issue of security is raised, or is the issue of the tall order of the day, Windows has been at it for decades trying to shore up and make the OS more secure. The industry of commercial Virus, Malware, and other protective measure software is written by in large, and almost exclusively for "Windows" and associated Microsoft Products. When the last time you've seen a package on the shelf for Linux?? To further debunk your redderick, take a survey percentage wise of the preferred platform web-servers run on, I'm sure you'll find that Apache' has approximately eighty-plus percent of that market and growing! DL, this can't be by accident, No, it's simply the truth and the way things are! And you and your lack of knowledge of Linux's inner workings won't change that fact!! Right out of the box with no configurations or modification, Linux will suppass Windows any day of the week when it comes to the more "secure" platform. In case you didn't know, Linux was based, and derived from Unix, Probably the most secure OS ever created, and you certainly can't match, proclaim, or beat someone into thinking Windows can be just as secure as Unix, and if you believe it can be, I've got a bridge I'd like to sell you!! No one ever said that Linux can't be infected, I don't think anyone can or will boast or advertise that, But what you'll find, in most cases is less worry and stress of running Linux, Linux Admins are not tied down to "Baby-Sitting" Linux, as much as a Windows Admin would be administering a backroom full of Windows Servers, security patches, bundled updates, keeping servers virus signatures updated all take time out of a sys admins already busy day, time which could be better spent doing other more important things. Speaking of performance, Windows becomes so bloated over the years from all the updates of the updates of the updates, that it's performance in just running begins to suck!!! Taking precious time just to load, complete a simple task or even just to shutdown!! In a lot of cases the performance gets so terrible and ridiculous that your only remedy is to blow it away, start fresh and reload all your applications.. (Oooooh yeah, I can really see you having fun there)DL. I've used, and built systems for folks with various versions of Linux on them, guess what?? They're still running, and running as if they were freshly loaded, I've got units out there thats been running for close to eight years, and they've required "No" "OS System" reloads!

red4
red4

A good password is a good password; good today, good tomorrow, good next quarter. A weak password is just weak. Linux is not as good on security as we are made to believe? Really? Red Hat vulnerabilities? When I first got into linux there was a saying "When you know Slackware, you know linux. When you know Red Hat, all you know is Red Hat". Don't confuse Red Hat or any other "flavour" of linux as linux; linux is the heart, the kernel and that is quite secure and kept secure. The "flavourings" by Red Hat, Ubuntu, etc, are not linux itself. I agree with hardware firewalling, but don't hold with automatically picking the cisco kit. Big, expensive ASA5520-up is great, expensive, but great. Cisco security at the top-end is not always scaled down to the entry-level boxes. Sonicwalls are for those who want to feel that they've got something, but can't get by without the old point-and-click. Anyone tried running these in busy datacentre with heaps of traffic with IPS enabled? Fasle-posie nightmare. Content filtering for malware is a no-brainer. Just do it. Stop all the executables, dlls, etc. You can easily whitelist those that are really needed.

David Stratton
David Stratton

I think it's funny I should read your article immediately after reading this one: http://www.techrepublic.com/blog/window-on-windows/a-study-confirms-internet-explorer-9-is-the-safest-web-browser/6707?tag=nl.e064&s_cid=e064 And as for the common wisdom in password policies.. That's usually wrong as well. http://xkcd.com/792/ and http://xkcd.com/936/ BUT I give you complete credit for not saying "Linux can't get viruses". Instead, you stuck to the non-nit-picky truth and said that Linux can get FEWER forms of malware. Good job. Because the whole "Linux can't get viruses", while techically true, lulls non-techies into a false sense of security because they understand that to mean "Linux isn't susceptible to ANY malware."

joeller
joeller

Very interesting article. However, it is important to remember that security requirements need to be compatibile with work requirements. There is no point to having a secure network that cannot perform mission critical functions. Do I detect an anti Microsoft bias here, as noted below, some of the desired security requirements can be programmed as MS security Domain group policies. 1. "begin migrating at least some of your desktops to Linux." And who is going to teach the users to use Linux? Quite a few command line and bat files are required at work here which use DOS. Who is going to teach all of these users to write in Linux? "2: Block users from installing software" One of the biggest sources of work stoppages here (DoD, Dept of Navy) is the inability to install basic tools as well as essential upgrades to basic tools like SQL Server, and Visual Studio. I have spent months twittling my thumbs waiting for an administrator to install these apps. "4: Switch your browser." Everything I have read has indicated IE9 is the safest browser out there. Worse yet there are still quite a few essential DoD sites that just plain won't work in Firefox. While it is true that a properly programmed site will work in both IE and Firefox, that doesn't help you when the site you need isn't properly programmed. (I remember when my wife getting highly frustrated because she could not get the post office site to work because she did not use IE.) "5. Browsers and email clients make use of add-ons. Some are necessary for work — some are not. Those that aren’t needed should not be used." Great how do you know in advance? What happens when you block an add on that is mission critical? "7: Enforce strict password policies" DoD requires 15 characters, with special characters, numbers, caps, and lower case all required and expires them after 60 days. However, they have moved to requiring Computer Access Cards (CAC) for everyone other than a select few to get on. That would be the best policy for companies to implement sign-on security. Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 provide Domain Group security policies that ensure that all users on the domain select strong passwords. These policies mandate the complexity of passwords, the max age, the min age, password reuse, min length. "10: Use content filtering to protect from malware" While this idea is good, on many occasions when trying to look up on the internet information needed for work, I have been barred by the Navy Network policy from the site with the required information.

pgit
pgit

You'll be able to safely administer it from home in your underwear and bunny slippers.. :) I rarely go on most sites I have running Linux servers. Unless the users absolutely insist, I don't set up RDC on the windows boxes, so I do travel to handle those. (more and more of them simple end user machines, I've migrated a lot of servers off windows lately.. the $$$ MS client/server licensing is usually what sews it)

joeller
joeller

The Navy does not permit users to install FireFox. The Navy does not permit users to upgrade IE. When it decides to then it does it for everyone. That is why we are still using IE7. Many mission critical Navy programs just plain won't work in Firefox. Granted it is bad programming, but they are still mission critical. Security is meaningless if it prevents users from accomplishing mission critical tasks. After all the most secure machine is one with no powere supply, but that doesn't make it useful

Slayer_
Slayer_

So can google at any time. Nearly every page has google-analytics.com on it somewhere.

red4
red4

Just one very recently, the Remote Access Trojan or RAT, that was a vulnerability in all versions of IE to and including IE9, which was being actively exploited in the wild. You didn't hear about that one? Didn't read about it? Didn't hear anyone mention it in passing? Didn't notice even Microsoft warning about it? Well I guess if you make sure you don't read, hear or see any security alerts then everything is safe, eh? So it must be safe for all firefox users to migrate to IE?

NickNielsen
NickNielsen

Seems to me Mozilla is quite security-minded. They pulled a Firefox update less than a day after it was released because a vulnerability was discovered. A few thousand users were affected and advised to roll back to an earlier version. Would that even be possible with a new release of IE? Given that most IE updates/upgrades are part of Patch Tuesday releases, it's probable that several millions of machines would be affected. Even outside the patch cycle, any new release posted to Windows Update would be downloaded by a large number of PCs configured for automatic updates. If the release had been up for a day by the time a vulnerability was discovered, it would leave Microsoft scrambling to put together an incremental update to fix the vulnerability. It's happened before, it will happen again.

red4
red4

No a/v, not matter how expensive or how good, will ever protect a workstation from a new or zero day malware doing the rounds. You need to stop it before it gets in. Once its on the workstation, its goodbye workstation. You ever listen to Leo or Steve Gibson on Security Now, or TWIT talking about malware infections on workstations (windows, no doubt)? HDformat the drive and start again. The only way is to only allow in whats needed. Content filter the web, stop those dlls and exes getting in; whitelist those you need. Filter the SMTP to stop all unwanted attachments and check the spam blackholes. Most importantly, have IDS/IPS to alert you when its going on; all defences need realtime alerts to let you know if some workstation is (trying) to go where its shouldn't. You don't need to shell out for cisco, look at something like this: http://i-firewall.co.uk. Gibson runs XP and no a/v. No A/V! You'd think he must be mad, wouldn't you?

dl_wraith
dl_wraith

The rock I've been hiding under is the rock of doing my job. On a wintel network. Connected by Cisco gear. With VMware, Citrix, Avaya, Linux, Solaris and Mac sprinkled throughout. I specialise in networking, telephony and, here's the fun part, SECURITY. I'm well aware of the history behind Windows, it's issues, the fact that Linux is configured more securely by deafualt upon installation and of the dominance of Apache as a webserver platform (SURPRISE!! I have one myself. It runs next to the IIS servers I have) but I've also got enough experience to know that most of the commonly held beliefs about Linux and Mac OS security and stability when compared to Windows are simply overegged. Simply repeating the mantra 'Linux is secure' over and over across a whole community does not make it so any more than me saying 'Windows can be secured' makes Joe Blogg's own installation protected. I don't need to babysit my Windows boxes any more than I do my Linux or Solaris boxes. I can't remember the last time I had to do a rebuild for any Windows platform due to performance issues, malware infection, or other and the only time I have to restart my Windows servers because of poor performance is because of a badly written 3rd party application. This, incidentally, happens about as often as it does on one of my Solaris and two of my Linux boxes. Nothing you have said here debunks my main point and you have, if fact, only provided me a platform to provide a further example of my main point. I thank you for that. It should be clear from my examples that the important thing here is not the platform itself, but the way it is administered. All platforms have their crosses to bear and all can be made more (or less) secure. I'm not a windows fanboy. Over the years it's been a painful platform to work with. It has also been a joy at times and made my life a lot easier. Fact is though, I'm trained in Windows and better at it than I am at Linux. hell, I can't remember half of my Suse course now but I can remember the majority of my Microsoft training. It's horses for courses and, to repeat my earlier post, no one size will fit all. So sit down, have a cup of cocoa, and realise that I'm not trying to convert anyone away from Linux or rubbish it's security credentials. Because I prefer windows and feel that it can be effective that doesn't mean to say that you, or anyone else, has to. It's called a preference and my comments are my heartfelt opinions - not solid facts or theories that need 'debunked'.

AnsuGisalas
AnsuGisalas

The actual article shows that IE9 has the best blacklist. The study does not evaluate any other security features than the blacklist. It does not check weaknesses, it does not check which add-ons can be used to improve security, nothing.

dl_wraith
dl_wraith

Wow, that's quite an image there pgit - I hope that's not representative of Linux admins in general :) Joking aside (sorry to poke fun - will happily edit if offence taken), we also remotely administer our Windows boxes without issue. We don't necessarily use RDP, either. The M$ licencing thing is an utter joke and has caused us no end of headaches over the years. I'm all with you on that!

red4
red4

You can filter out google-analytics.com, you know?

andrew232006
andrew232006

IE exploits are almost too common to be newsworthy.

Kenton.R
Kenton.R

Gibson did claim that someone at Microsoft intentionally coded the MS06-001 WMF vulnerability to use as a backdoor into PCs, among other things that might label him as "mad," or at least occasionally prone to unsubstantiated hyperbole. http://www.theregister.co.uk/2006/01/21/wmf_fud_from_grc/page2.html Here is Gibson's accusation against Microsoft taken straight from grc.com. The full transcript can be found at http://www.grc.com/sn/SN-022.htm. Note that co-host Leo LaPorte gives Gibson plenty of opportunity to back down from his claims: Steve Gibson: This was not a mistake. This is not buggy code. This was put into Windows by someone. We are never going to know who. We're never going to know - well, actually I'm going to find out when because we're going to know when this appeared because this appeared - I'm guessing this is not in older versions of Windows, which is why this function - or if it is in older versions of Windows, it's done slightly differently. I'm still on the hunt. So this is not my last report on this. I expect to have a much better sense for this a week from now. But the only conclusion I can draw is that there has been code from at least Windows 2000 on, and in all current versions, and even, you know, future versions, until it was discovered, which was deliberately put in there by some group, we don't know at what level or how large in Microsoft, that gave them the ability that they who knew how to get their Windows systems to silently and secretly run code contained in an image, those people would be able to do that on remotely located Windows machines... Leo: So you're saying intentionally or - Microsoft intentionally put a backdoor in Windows? Is that what you're saying? Steve: Yes. Leo: Well, that's a pretty strong accusation. Could this not have been a... Steve: Well, it's the only conclusion... Leo: It couldn't have been a mistake? Steve: I don't see how it could have been a mistake.

red4
red4

I fully agree that windows can be secured. Stick a linux box in front of it. Job done.

red4
red4

I thought that you were, I just wanted to look like I knew something!

Slayer_
Slayer_

I was just pointing it out, especially for those IE users.

dl_wraith
dl_wraith

IE is on pretty much every Windows box. The less tech savvy users have a tendancy to use it because it's there. These are the people that are easy to target. If Chrome, FireFox or Opera had been the default browser on Windows, the situation would be different, I'll bet. Of course, the way IE works also plays a part but for me we all too often miss the point of why M$ products are exploited most in the first place. And no, I won't be drawn into an 'oppertunism vs mass targets' debate.

red4
red4

I think I first became a member about 14 years ago when I passed a brainbench exam and back then techrepublic actually used to mail you their printed updates! That's how long I've been rolling! I just can't place my original account! Trolling! Too old to bother, and difference between a backdoor and an Easter egg: there was no such thing and no such phrases 17 years ago. I don't really care why you are so obsessed with this and Mr Gibson, I only mentioned him because I know he has said he doesn't use a/v, and I was responding to pdr5407@'s posting about a/v importance, which to me, TO ME, is quite low, not just because Mr Gibson also don't use it, but because in 15 years of using linux I've not been hit with anything that hasn't been removed by a simple reboot. But then I only run as a non-priv user. Hey, if you have absolute concrete proof that M$ don't and never have allowed any "backdoor" code in, then thats great. Well done. It doesn't really change my view on a/v; it's last line defence - an alert to tell you to reinstall.

Kenton.R
Kenton.R

Your link was about MS sharing botnet control server IPs collected from the Malicious Software Removal Tool with law enforcement in order to help track down botnet operators. It cannot allow remote access to a PC, it cannot facilitate breaking of any user encryption, and it is not a backdoor. Some random guy posting on his wordpress blog (he links to 911truth.org, among other conspiracy theory sites) isn't exactly a reputable source. The Excel '95 reference: I think you're referring to The Hall of Tortured Souls, a Doom-like mini game that contains photos of the Excel development team. Since you're a new account I can't tell if you are just trolling or honestly don't understand the difference between a backdoor and an Easter egg. Also, for pgit: _NSAKEY was the name of a cryptographic key found in NT4 SP5. It was in the build that was publicly released. It was not executable code; it was the public half of a public/private key pair. To be accepted as a cryptography suite by MS, the suite has to be signed with an accepted key. _NSAKEY was the name of the secondary key. But a crypto key with "NSA" in the name is still not a backdoor. Bruce Schneier laid the smackdown on that bit of FUD over a decade ago: http://www.schneier.com/crypto-gram-9909.html#NSAKeyinMicrosoftCryptoAPI Simply put: the NSA had no need for a backdoor to be built into NT4 - there were plenty of easier ways to get in. What the NSA might have needed is a special crypto suite they could load that was completely developed in-house by NSA and/or stronger than what MS shipped due to cryptographic export restrictions in place at the time. Or, it could have just been a MS employee who didn't consider what conspiracy theories would arise from his choice of file name.

pgit
pgit

That was found on an alpha or beta image someone checked the raw coding on, back around the release of XP IIRC. (could google it, but grandson is in town atm :) ) It was in waste code, that should have been cleaned off the image before compiling it, it wasn't something active in the installation of that image, but it was obvious it had been quite the scandalous little tidbit; Microsoft installing a secret key silently. Nobody knows if it was renamed, buried elsewhere in the official release and still installed silently. MS originally came up with some lame meaning of "NSA," then stole a page from government and clammed up, deny-deny-deny...

red4
red4

I can't, without spending ages on google, and frankly (may I call you frankly?) I don't care enough. Does no one else remember that excel thing in the 1990s? It was something like if you picked a particular cell and typed in "who is god" then it would make "Bill Gates is god" or something like that. It must have been around 1995 or 96. I was working in a Credit Card IT Systems department at the time, that's my only time reference. I'm sure there was a flying airplane image one, too. Added: this may be a source, but can't be bothered to read it all, but you be my guest: http://newsworldwide.wordpress.com/2008/05/02/microsoft-discloses-government-backdoor-on-windows-operating-systems/

Kenton.R
Kenton.R

Please give a source showing Microsoft has placed backdoors into their software in the past. Aside from Gibson, that is.

red4
red4

I remember, in the 90's that you could do something with excel and get it to make statements about Bill Gates. So, are you saying he is mad? Therefore, mad not to run a/v? Even though, to my knowledge he doesn't get plastered with malware getting in? But then I know some who have been stopped dead with malware, despite having sophos, kaspersky and Mcafee.

NickNielsen
NickNielsen

@cxturbo5, all of your posts in response to dl_wraith have been flagged as offensive. dl_wraith expressed his opinion. You are free to disagree with that opinion and quite obviously do disagree. However, you are not free to attack his qualifications, nor to belittle him because of that opinion. To both, please consider this thread closed.

cxturbo56
cxturbo56

No arrogance assessed in determining your skill, experience or background, only your statements!! So, don't try to get smart with your replies. Re-read the post, nothing contradicted your credituals, you're the one who left yourself open to attack with what you posted. Congrats on your promotion, but I still hope you have plenty of free time on your hands administering a windows network!! Oh by the way, the reason why you don't see more Linux dominance is because of the way microsoft tries to dominate and dictate the market of software, they pulled that tactic with Novell Netware, which still is a far better Networking OS than windows will ever be, and even it is more secure than windows. But in closing here, no one's trying to insult you, so don't try and insult me with your rebuttals.. But the truth is...Windows OS is flawed by design. For corporate and enterprise use Microsoft hasn't offered anything viablely worthwhile since XP, thats why plenty have hung on to it for this long! Corporate spat at, and rejected Vista, and have just recently charmed up to Windows 7 and it seems as though Microsoft don't get it, because corporations are already spitting at, and rejecting what they see in Windows 8 with that "Metro" desktop, which is about to be released... What an Ugly, Goofy looking desktop!!! Geeez, where did they come up with that mess??? Have fun DL ;-D

cxturbo56
cxturbo56

DL, the comment was directed to and at you!! It was not an assumption, it was a direct response to your ridiculous posting!! I'm not assuming or taking issue to anyone's experience or knowledge level, but your posting on trying to compare windows security to Linux was laughable, you were in diapers when I got into computers, and your 13 years are pale by comparison to my 30 plus years! So, if you were offended by what I posted, so be it!!! Don't post such ludicrous statements, someone is bound to pick up on such a fool statement challenge and check you on it!! I came up using unix at the command line and no GUI, and maybe it's just my luck, but i've never in my over 30 years seen a unix or Linux system infected, but have dealt with tons of windows systems both private & enterprise being brought to their knees with infections, So you tell that crap to someone who don't no better!! If Cisco's your strong point, stick with that, I'm also a Cisco CCNA/CCNE, so don't try to pull the wool over my eyes!! Later!

dl_wraith
dl_wraith

See my earlier comments about the arrogance of assumptions. I'm glad your Linux infrastructure works for you. As for me my original design for our AD infrastructure netted me a promotion, a wage increase and a chance to move upwards to different IT roles. Not $20,000 in bonuses but I was happy that I got it right for my business. Given our userbase and software requirements, sticking mostly Windows was right for us. Why does this mean I have a case to answer? Despite your examples where Linux was a better option for you it does't debunk my original point at all - that Windows can be configured to be more secure (and Linux could be configured to be more promiscuous). Look, lets just agree to prefer different platforms - it happens, you know. That's why Linux isn't everywhere - some admins have other systems for a reason.

dl_wraith
dl_wraith

....don't let facts get in your way, eh? I'm far from a novice and take offence at your comments. I have 13 years of experience, not much by some standards, but enough to know what I'm doing. Don't assume you know anything about the skills of the people posting here. That is ill-advised at best and arrogantly insulting at worst. As an aside, since when were personal attacks good practice at TR?

joeller
joeller

I would have expected a rebellion of users looking for your scalp. That is what would happen if the same thing were attempted here. I foresee a great deal of chaos when the Navy finally converts from XP to Windows 7. That will not be pretty, particularly with the issues being suffered with guardian edge encryption. (It causes external hard drives to crash to computer losing all data and requiring a rebuild.)

cxturbo56
cxturbo56

Case Closed DL, With your last statement here you've admitted and proved my point!! Most "Real Admins" these days have more than enough on their plates to allocate their precious time between than to be baby sitting Windows based workstations and servers, trust me, been there, done that, and prefer not to go back to that!!! That's the reason I as an administrator convinced my employer to go with my suggestion in moving to a different infrastructure, moving from windows workstations and servers to Novell Open SuSe Linux & Zenworks platform. The change took a year and five months, the TCO has been drastically reduced, while productivity shot up dramatically, administering the entire network is a breeze with Zenworks product, to make a long story short, the whole thought of bringing it to light with management netted me nearly $20k in bonuses, can you say that about your messy "Active Directory" network?? I thought not!!!!

NickNielsen
NickNielsen

"Linux is not as secure as you like to think" I'm having difficulty understanding how this opinion could make him ignorant. Although I'm having trouble reading your post because of the grammatical and spelling errors, you seem to have taken two paragraphs to say essentially the same thing he said in one sentence.

cxturbo56
cxturbo56

It's obvious that you're a novice when it comes to your knowledge level, I certainly wouldn't want you running or administering my data center or systems, since your ignorance on the subject is glaringly showing here! Please, do us all a favor on here who knows better, by not giving security advice to anyone on here, cause you do not have a clue as to what you're talking about. While no system is entirely immune from being attacked, it is less prominent to occur on a miniumly administered Linux system than on a Windows system anytime or day of the year!!! So, no person with any real knowledge in unix and linux would say something as stupid as what you've posted here!! Stick to Windows, it seems to be what you know best!!!

dl_wraith
dl_wraith

...I've used similar techniques to patch up my computer cases. Low budget repairs can be fun :) The only thing 'cold' here is the supposed argument with Linux users on the one hand and Windows users on the other. That fanboy war ended when sysadmins of our generation grew up. Y'all can poke fun all you want and I'll applaud your inventiveness and humour but the fact remains, Linux is NOT as secure as you like to think. As to securing windows being a chore. Yeah, sometimes it is though not as much as it once was. keep 'em coming, Linux fans :)

pgit
pgit

...to secure my windows, from cold drafts in the winter. Unfortunately, most of my users are using the software variety of "windows" and securing them is a chore, like it or not. I use Linux myself, btw, have since 1999.

dl_wraith
dl_wraith

Cheers for that, Red. Loved the analogy, disagree with your point.

Editor's Picks