Default OS security....


Post by laserne » Tue, 15 Jan 2002 01:17:49



If the default installation is used to determine the security of the OS,
not really a valid indicator, then here's the pecking order of four OSs:

1.) Linux:
         Open ports: 2
                  111 - sunrpc
                6000 - xwindows

2.) Win2K and XP (home edition):
         Open ports: 4 - 5 (each)
                   135 - epmap
                   139 - netbios
                   445 - mds
                 1025 - listen (?)
                 5000 - unknown (XP only)

3.) Sun Solaris 5.8:
         Open ports: 12
                   13, 21, 23, 25, 79, 111, 512, 513, 514, 515, 540, 4045
(look them up :) )

The installations were performed using the default selections during
installation; the scanner used was Retina by eEye. Port 13 should've
shown up for the MS OSs also; other scanners did show it.

Most certainly, the actual security of the OS depends on the end user.
His/her knowledge and ability to make changes are the deciding factors in OS
security. For the most part, the fewer open ports the OS has, the easier it is
to secure the OS. Linux has an edge in that respect over other OSs.
The other factor affecting the end user's experience is the level of knowledge
required to secure the OS. Firewalls do equalize the OSs; however, without
firewalls MS OSs and Linux seem to be on a level for the knowledge required to
secure the OS. Solaris is another story; one might say it is in a league
of its own.

This list does not address security within the OS, only what is visible from
the network.

 
 
 


Post by Marc Jorda » Tue, 15 Jan 2002 01:35:33


Quote:> 1.) Linux:
>          Open ports: 2
>                   111 - sunrpc
>                 6000 - xwindows

   There's no default Linux; there are lots of GNU/Linux
distros and each of them opens different ports in their
default installations, which even change from one version
to another.

   In fact there are no default installations; most of them
nowadays are KDE desktop, GNOME desktop,
Office workstation, Server and so on ...

Quote:> 2.) Win2K and XP (home edition):
>          Open ports: 4 - 5 (each)
>                    135 - epmap
>                    139 - netbios
>                    445 - mds
>                  1025 - listen (?)
>                  5000 - unknown (XP only)

   One of the things I miss most in Microsoft OSs is
a simple packet filter, even if a little more complex
than XP's incoming connections firewall, or attempt at one. And
besides, closing ports is not as easy as in GNU/Linux
for a person who does know what he wants.

Quote:> 3.) Sun Solaris 5.8:
>          Open ports: 12
>                    13, 21, 23, 25, 79, 111, 512, 513, 514, 515, 540, 4045
> (look them up :) )

   Hehehe, Solaris is a joke if you default install it with no firewall
between you and the net.

Quote:> The other factor affecting the end user's experience is the level of knowledge
> required to secure the OS. Firewalls do equalize the OSs; however, without
> firewalls MS OSs and Linux seem to be on a level for the knowledge required to
> secure the OS. Solaris is another story; one might say it is in a league
> of its own.

   GNU/Linux is very secure if you do know what you are doing; in fact
I do think it is more secure than any Windows version. As you say,
Solaris ... well maybe Sun is selling you another machine and a FW-1
license only to protect your main one ;-)

   Apart from ports, then there is the problem of trojans, viruses and the
like, in which Windows OSs do shine with their own light.

 
 
 


Post by Erik Funkenbusc » Tue, 15 Jan 2002 02:22:58



Quote:> If the default installation is used to determine the security of the OS,
> not really a valid indicator, then here's the pecking order of four OSs:

> 1.) Linux:
>          Open ports: 2
>                   111 - sunrpc
>                 6000 - xwindows

Which Linux?

Quote:> 2.) Win2K and XP (home edition):
>          Open ports: 4 - 5 (each)
>                    135 - epmap
>                    139 - netbios
>                    445 - mds
>                  1025 - listen (?)
>                  5000 - unknown (XP only)

1025 and 5000 are SSDP and UPnP.  They can be disabled if you have no UPnP
devices (network printers, etc.).

Quote:> 3.) Sun Solaris 5.8:
>          Open ports: 12
>                    13, 21, 23, 25, 79, 111, 512, 513, 514, 515, 540, 4045
> (look them up :) )

No thanks.

Quote:> The installations were performed using the default selections during
> installation; the scanner used was Retina by eEye. Port 13 should've
> shown up for the MS OSs also; other scanners did show it.

There's nothing in Windows that runs on port 13.  I don't know what those
"other" scanners are talking about.  You can look for yourself.  Open a
command prompt and type "netstat -a"
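
An added example, not part of the original post and not written by any poster in this thread: a Python sketch that reads `netstat -an` output in either the Windows or the Linux layout and separates listeners a remote scanner could reach from loopback-only ones. The sample outputs are constructed from the port numbers quoted in the thread, the function names are hypothetical, and `-n` (numeric output) is assumed in addition to the `-a` mentioned above.

```python
# Constructed sample output (not captured from a real host), Windows layout.
SAMPLE_WINDOWS = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
  TCP    192.168.0.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.0.10:1042      192.168.0.1:80         ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

# Constructed sample output (not captured from a real host), Linux layout.
SAMPLE_LINUX = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 192.168.0.11:1030       192.168.0.1:80          ESTABLISHED
"""

LOOPBACK = {"127.0.0.1", "::1", "[::1]"}


def listening_tcp(netstat_text):
    """Return {port: set of bind addresses} for TCP sockets in a listening state."""
    found = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].lower().startswith("tcp"):
            continue  # headers, UDP rows, blank lines
        if fields[-1].upper() not in ("LISTEN", "LISTENING"):
            continue  # established or other non-listening states
        # In both layouts the local address is the third field from the end.
        addr, _, port = fields[-3].rpartition(":")
        if port.isdigit():
            found.setdefault(int(port), set()).add(addr)
    return found


def network_exposed(found):
    """Ports bound to at least one non-loopback address (what a remote scan can see)."""
    return sorted(p for p, addrs in found.items() if addrs - LOOPBACK)


def unexpected(found, baseline):
    """Network-exposed ports that are not in the operator's expected baseline."""
    return [p for p in network_exposed(found) if p not in baseline]


if __name__ == "__main__":
    for name, text in (("windows", SAMPLE_WINDOWS), ("linux", SAMPLE_LINUX)):
        found = listening_tcp(text)
        print(name, "exposed:", network_exposed(found))
        print(name, "loopback only:", sorted(set(found) - set(network_exposed(found))))
```

The loopback split matters when comparing local `netstat` output with a remote scan: a service bound only to 127.0.0.1 appears locally but not to the scanner, and a host firewall can hide listeners that `netstat` still reports.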
 
 
 


Post by laserne » Tue, 15 Jan 2002 03:45:07



Quote:> > 1.) Linux:
> >          Open ports: 2
> >                   111 - sunrpc
> >                 6000 - xwindows

>    There's no default Linux, there are lots of GNU/Linux
> distros and each of them do open different ports in their
> default installations, that even change from one version
> to another.

The Linux distro was RH 7.2, broken after using it for a couple of months....

Quote:

>    In fact there are no default installations, most of them
> nowadays are KDE desktop, GNOME desktop,
> Office workstation, Server and the so ...

Each selection window has a default action already chosen during
installation, in that sense that is the default install...

Quote:

> > 2.) Win2K and XP (home edition):
> >          Open ports: 4 - 5 (each)
> >                    135 - epmap
> >                    139 - netbios
> >                    445 - mds
> >                  1025 - listen (?)
> >                  5000 - unknown (XP only)

>    One of the things I miss most in Microsoft OSs is
> a simple packet filter, even if a little more complex
> than XP's incoming connections firewall, or attempt at one. And
> besides, closing ports is not as easy as in GNU/Linux
> for a person who does know what he wants.

Both the MS OSs and Linux have the capability to disable the open ports. It
depends on one's knowledge which OS is deemed "easy". For the person who does
know how to do port filtering on the OS in question, it really does not
matter. Some might be easier than others, but even that is just a personal
preference.

Quote:

> > 3.) Sun Solaris 5.8:
> >          Open ports: 12
> >                    13, 21, 23, 25, 79, 111, 512, 513, 514, 515, 540, 4045
> > (look them up :) )

>    Hehehe, Solaris is a joke if you default install it with no firewall
> between you and the net.

I disagree.... Solaris' default installation is a joke even behind the
firewall :). Where 80-90% of exploits happen statistically speaking.

Quote:

> > The other factor affecting the end user's experience is the level of knowledge
> > required to secure the OS. Firewalls do equalize the OSs; however, without
> > firewalls MS OSs and Linux seem to be on a level for the knowledge required to
> > secure the OS. Solaris is another story; one might say it is in a league
> > of its own.

>    GNU/Linux is very secure if you do know what you are doing; in fact
> I do think it is more secure than any Windows version. As you say,
> Solaris ... well maybe Sun is selling you another machine and a FW-1
> license only to protect your main one ;-)

And I do think that the OS in itself isn't secure, it's the user who
can/can't secure the OS.

Quote:

>    Apart from ports, then there is the problem of trojans, viruses and the
> like, in which Windows OSs do shine with their own light.

I do believe, that is tied to the actual userbase and their lack of
knowledge. Most Windows users probably would run *nix under the root
account, which would be just as bad.
 
 
 


Post by laserne » Tue, 15 Jan 2002 04:02:55





> > If the default installation is used to determine the security of the OS,
> > not really a valid indicator, then here's the pecking order of four OSs:

> > 1.) Linux:
> >          Open ports: 2
> >                   111 - sunrpc
> >                 6000 - xwindows

> Which Linux?

Red Hat 7.2....

Quote:

> > 2.) Win2K and XP (home edition):
> >          Open ports: 4 - 5 (each)
> >                    135 - epmap
> >                    139 - netbios
> >                    445 - mds
> >                  1025 - listen (?)
> >                  5000 - unknown (XP only)

> 1025 and 5000 are SSDP and UPnP.  They can be disabled if you have no UPnP
> devices (network printers, etc.).

Other ports can be disabled also, even on different platforms, this was
about default installation...

Quote:

> > 3.) Sun Solaris 5.8:
> >          Open ports: 12
> >                    13, 21, 23, 25, 79, 111, 512, 513, 514, 515, 540, 4045
> > (look them up :) )

> No thanks.

> > The installations were performed using the default selections during
> > installation; the scanner used was Retina by eEye. Port 13 should've
> > shown up for the MS OSs also; other scanners did show it.

> There's nothing in Windows that runs on port 13.  I don't know what those
> "other" scanners are talking about.  You can look for yourself.  Open a
> command prompt and type "netstat -a"

My bad.... Port 13 is the standard for "Daytime", MS OSs incorporate
"Daytime" into the NetBios (port 139).
 
 
 


Post by laserne » Tue, 15 Jan 2002 04:43:59



> On Sun, 13 Jan 2002 11:22:58 -0600, in comp.os.linux.advocacy,



> >> 1.) Linux:
> >>          Open ports: 2
> >>                   111 - sunrpc
> >>                 6000 - xwindows

> >Which Linux?

> Exactly. Linux itself opens no ports.

Arguable, but even in that case..... Linux in itself is useless and you can
compare it to DOS, DRDOS, etc....
 
 
 


Post by Nigel Feltha » Tue, 15 Jan 2002 04:50:02


Quote:

> The Linux distro was RH 7.2, broken after using it for a couple of months....

I have started a machine portscanning a default Mandrake install and a
Windows 98 PC at work - when I left on Friday the Mandrake box had been
scanned up to port 1,000 and only had 1 port open (portmap I think) but
should have scanned up to 10,000 by the time I go back tomorrow so I will
try to post the results then.

By the way, does anyone know of a fast windoze or unix port scanner, as the
one I have at work only appears to scan 1 port per second?

Quote:> I do believe, that is tied to the actual userbase and their lack of
> knowledge. Most Windows users probably would run *nix under the root
> account, which would be just as bad.

At least most Linux distros now appear to force users to create a normal
non-admin user during the install and show only non-admin user icons on
the login prompt, unlike the 'doze which defaults all new users to admin status.
 
 
 


Post by Ahab » Tue, 15 Jan 2002 05:55:00


Quote:> I have started a machine portscanning a default Mandrake install and a
> Windows 98 PC at work - when I left on Friday the Mandrake box had been
> scanned up to port 1,000 and only had 1 port open (portmap I think) but
> should have scanned up to 10,000 by the time I go back tomorrow so I will
> try to post the results then.

It sounds like you have the slowest port scanner ever.

Quote:

> By the way, does anyone know of a fast windoze or unix port scanner, as the
> one I have at work only appears to scan 1 port per second?

Get Superscan.

--
Regards,

Ahab
ahab<at>nym<dot>alias<dot>net

And on the third day, God said:
"Let there be div(D)=Pf, div(B)=0, curl(E)=-dB/dt, curl(H)=jf+dD/dt"

 
 
 


Post by Marc Jorda » Tue, 15 Jan 2002 06:27:54


Quote:> The Linux distro was RH 7.2, broken after using it for a couple of months....

   This is meaningless to the case and depends on the use and the hands
that do that anyway.

Quote:> Each selection window has a default action already chosen during
> installation, in that sense that is the default install...

   Don't know if that can be considered a default install, but I can
accept it for the case.

Quote:> Both the MS OSs and Linux have the capability to disable the open ports. It
> depends on one's knowledge which OS is deemed "easy". For the person who does
> know how to do port filtering on the OS in question, it really does not
> matter. Some might be easier than others, but even that is just a personal
> preference.

   I suppose that you are right, even though any GNU/Linux distro has
included a tool to build well-made firewalls and with Windows that has not been
the case.

Quote:> I disagree.... Solaris' default installation is a joke even behind the
> firewall :). Where 80-90% of exploits happen statistically speaking.

   Yeah, well, someone has to support hacking, why can't it be
Sun ? :-)

Quote:> And I do think that the OS in itself isn't secure, it's the user who
> can/can't secure the OS.

   That's beyond any doubt. The user and the administrator are
ultimately responsible for the system. There can still be better and worse
security-oriented environments anyway. Some years ago, around
the Slackware 96 time, it was rather insecure to install GNU/Linux
with little idea, since it left telnet wide open; that would not anyway
mean that GNU/Linux was intrinsically worse than Windows 95,
it just behaved so because of the users.

Quote:> I do believe, that is tied to the actual userbase and their lack of
> knowledge. Most Windows users probably would run *nix under the root
> account, which would be just as bad.

   That's one of the arguments I use to give about GNU/Linux virus
spreading if it had 96% desktop.
 
 
 


Post by Peter K?hlman » Tue, 15 Jan 2002 06:17:40





>> On Sun, 13 Jan 2002 11:22:58 -0600, in comp.os.linux.advocacy,



>> >> 1.) Linux:
>> >>          Open ports: 2
>> >>                   111 - sunrpc
>> >>                 6000 - xwindows

>> >Which Linux?

>> Exactly. Linux itself opens no ports.

> Arguable, but even in that case..... Linux in itself is useless and you
> can compare it to DOS, DRDOS, etc....

... and Windows. Out of the box, Windows is completely useless.

Peter
--
Outlook Express, who do you want to infect today?

 
 
 


Post by Peter K?hlman » Tue, 15 Jan 2002 06:19:18



>> The Linux distro was RH 7.2, broken after using it for a couple of
>> months....

> I have started a machine portscanning a default Mandrake install and a
> Windows 98 PC at work - when I left on Friday the Mandrake box had been
> scanned up to port 1,000 and only had 1 port open (portmap I think) but
> should have scanned up to 10,000 by the time I go back tomorrow so I
> will try to post the results then.

> By the way, does anyone know of a fast windoze or unix port scanner, as
> the one I have at work only appears to scan 1 port per second?

NMap

Quote:>> I do believe, that is tied to the actual userbase and their lack of
>> knowledge. Most Windows users probably would run *nix under the root
>> account, which would be just as bad.

> At least most Linux distros now appear to force users to create a
> normal non-admin user during the install and show only non-admin user
> icons on the login prompt, unlike the 'doze which defaults all new users to
> admin status.

Yep, SuSE does it exactly that way.

Peter
--
A fool-proof method for sculpting an elephant:
first, get a huge block of marble; then you chip
away everything that doesn't look like an elephant.

 
 
 


Post by yt.. » Tue, 15 Jan 2002 10:02:49



> If the default installation is used to determine the security of the OS,
> not really a valid indicator, then here's the pecking order of four OSs:
> 1.) Linux:
>         Open ports: 2
>                  111 - sunrpc
>                6000 - xwindows
> 2.) Win2K and XP (home edition):
>         Open ports: 4 - 5 (each)
>                   135 - epmap
>                   139 - netbios
>                   445 - mds
>                 1025 - listen (?)
>                 5000 - unknown (XP only)
> 3.) Sun Solaris 5.8:
>         Open ports: 12
>                   13, 21, 23, 25, 79, 111, 512, 513, 514, 515, 540, 4045
> (look them up :) )

I did, and you're wrong about Linux.  It depends very much on the distribution.
Also, it depends on which Solaris 5.8 you're talking about; there are three
different packages for three different purposes.

-----.

--
There's a hole in the world like a great black pit and
it's filled with people who are filled with shit and the
vermin of the world inhabit it

 
 
 


Post by Jim Richardso » Tue, 15 Jan 2002 12:47:55


On Sun, 13 Jan 2002 19:50:02 +0000,

Quote:

>> The Linux distro was RH 7.2, broken after using it for a couple of months....

> I have started a machine portscanning a default Mandrake install and a
> Windows 98 PC at work - when I left on Friday the Mandrake box had been
> scanned up to port 1,000 and only had 1 port open (portmap I think) but
> should have scanned up to 10,000 by the time I go back tomorrow so I will
> try to post the results then.

> By the way, does anyone know of a fast windoze or unix port scanner, as the
> one I have at work only appears to scan 1 port per second?

>> I do believe, that is tied to the actual userbase and their lack of
>> knowledge. Most Windows users probably would run *nix under the root
>> account, which would be just as bad.

> At least most Linux distros now appear to force users to create a normal
> non-admin user during the install and show only non-admin user icons on
> the login prompt, unlike the 'doze which defaults all new users to admin status.

If you are not using nmap, then switch...

--
Jim Richardson
        Anarchist, pagan and proud of it
www.eskimo.com/~warlock
        Linux, because life's too short for a buggy OS.

 
 
 


Post by Jim Richardso » Tue, 15 Jan 2002 12:49:29


On Sun, 13 Jan 2002 11:22:58 -0600,



>> If the default installation is used to determine the security of the OS,
>> not really a valid indicator, then here's the pecking order of four OSs:

>> 1.) Linux:
>>          Open ports: 2
>>                   111 - sunrpc
>>                 6000 - xwindows

> Which Linux?

>> 2.) Win2K and XP (home edition):
>>          Open ports: 4 - 5 (each)
>>                    135 - epmap
>>                    139 - netbios
>>                    445 - mds
>>                  1025 - listen (?)
>>                  5000 - unknown (XP only)

> 1025 and 5000 are SSDP and UPnP.  They can be disabled if you have no UPnP
> devices (network printers, etc.).

I thought the claim of the winvocates was that UPnP was not on by
default?

--
Jim Richardson
        Anarchist, pagan and proud of it
www.eskimo.com/~warlock
        Linux, because life's too short for a buggy OS.

 
 
 


Post by Erik Funkenbusc » Tue, 15 Jan 2002 14:26:07



> On Sun, 13 Jan 2002 11:22:58 -0600,



> >> If the default installation is used to determine the security of the OS,
> >> not really a valid indicator, then here's the pecking order of four OSs:

> >> 1.) Linux:
> >>          Open ports: 2
> >>                   111 - sunrpc
> >>                 6000 - xwindows

> > Which Linux?

> >> 2.) Win2K and XP (home edition):
> >>          Open ports: 4 - 5 (each)
> >>                    135 - epmap
> >>                    139 - netbios
> >>                    445 - mds
> >>                  1025 - listen (?)
> >>                  5000 - unknown (XP only)

> > 1025 and 5000 are SSDP and UPnP.  They can be disabled if you have no UPnP
> > devices (network printers, etc.).

> I thought the claim of the winvocates was that UPnP was not on by
> default?

UPnP shouldn't be, but SSDP is.  Both services are set to "Manual" but that
allows anything that uses either service to start them.