The criteria for rating computer security are set by the National Computer Security Center (NCSC), a division of the National Security Agency (NSA). There are seven levels of computer security, which are A, B3, B2, B1, C2, C1, and D. C2 or above is military-grade security.
It is important to note that NCSC does not certify an operating system alone. Rather, NCSC certifies a complete software and hardware configuration. Novell Netware meets the standard of C2 Security (Red Book), which means that Netware is secure as a network operating system. On the other hand, Windows NT 3.5 meets the standard of C2 Security (Orange Book), which means that an NT system is secure as a standalone computer without any network connection. Windows NT 4.0 has not been certified by NCSC yet.
However, after Netware turned away from IPX/SPX to pure Internet Protocol (IP), it may be more vulnerable to hackers. Some common hacking activities such as flooding and denial-of-service attacks are IP-based.
A lot of security breach reports pinpoint Windows NT and Windows 2000. The consequences of a security breach are costly. For example, in 2001 a subsidiary of Amazon.com admitted that crackers stole the company's customer records, including their credit card information. In the same year, a group of Eastern European hackers hacked 40 IIS sites in America and stole more than one million credit card numbers. Near the end of the same year, worms and viruses such as Code Red and Nimda attacked a lot of IIS servers. In response to the crisis, Gartner Group advised administrators to replace IIS with Apache and other Web servers.
It is debatable whether the Windows system is inherently insecure. Al Decker, managing principal of the global security and privacy services group at IBM, argued that NT is no more vulnerable than any other operating system. However, Mark Sims, the CEO of Netrex, a company specializing in computer security, held a different view. Sims argued that NT is harder to configure for security, and that Microsoft's Internet Information Server is even worse. Even with all security patches installed, there are still some vulnerabilities for which no solutions exist.
This controversy recurs in Windows 2000 and 2003. After the release of Windows 2003, Michael Otley, a columnist in Windows & .NET Magazine, criticized Windows' security by saying, "In spite of its rhetoric and impressive-sounding initiatives, Microsoft doesn't really seem to get what enterprise security is all about...Microsoft's much-ballyhooed Trustworthy Computing initiative and Palladium both fall into security-by-marketing category. Neither initiative addresses the pressing needs of current customers."
Regarding Web security, the Mac has achieved a high standard. In the late 1990s, a group in Sweden set up a "Crack-A-Mac" contest in an attempt to test Mac security. Although the Mac Web server was hacked after more than six months, it was due to a hole in an improperly configured third-party software application.
In 2004, mi2g, a group of London-based security experts, considered Apple's Mac OS X one of the world's safest operating systems by analysing digital attacks against servers and networks. They found that Linux suffered 13,654 breaches, Windows had 2,005 breaches but Mac OS X had only 555 breaches worldwide in January 2004. Nonetheless, this conclusion is disputed by many other computer experts because there are far fewer Mac OS X servers than Windows and Linux servers in the market.
In 1999, after a US Army website had been hacked, the Army moved its web sites from the Windows NT platform to the Mac platform, running WebStar Web Server. The website administrator explained that the rationale for the migration was based upon the recommendation of the World Wide Web (W3) Consortium. According to W3, the Mac platform is more secure than its counterparts for a number of reasons. For instance, Macintosh does not have a command shell and it does not allow remote logins. W3 also said it found no specific security problems in either the software or the server.
A robust computer does not crash easily. Windows NT tries to accomplish this goal by dividing its resources into three rings. Ring 0 is the core reserved for the operating system only while other rings can be accessed by application software. Under this partitioning, when an application fails, the operating system is unaffected. However, it is generally agreed that NT is less stable than Netware and UNIX.
Windows NT faced harsh criticism for the system failure of the USS Yorktown in September 1998. The USS Yorktown is a "smart ship" equipped with Windows NT, which automates several key functions of the warship. During maneuvers off the coast of Cape Charles, VA, the Yorktown lost control of its propulsion system due to a computer system failure and was towed back to port. Some critics ask what would happen if this occurred in an actual combat situation.
A server with high availability seldom or never closes its door to users. Besides robustness, there are several other ways to achieve high availability. For example:
- Disk mirroring: Use two separate hard drives to duplicate information.
- Disk duplexing: Use two sets of hard drive controllers and hard drives to duplicate information.
- Redundant Array of Independent Disks (RAID): Configure multiple disk drives for data redundancy.
- Clustering: Use multiple servers as mutual backup. There are two aspects of clustering: fault tolerance and load balancing. Fault tolerance, also known as fail over, allows the second server to take over services when the first one fails. Load balancing, also known as load sharing, spreads client requests evenly to multiple servers. Load sharing is related to performance issues rather than availability issues. Both Windows NT and Windows 2000 Advanced Server support 2-node clustering. Windows 2000 Data Center expands the clustering service to 4-node. Novell supports 8-32 servers for clustering. Various UNIX versions can go beyond all of the above.
Sometimes availability has nothing to do with crashing or the lack of redundancy. Rather, a simple administrative task may make the server unavailable. For instance, many maintenance tasks on NT require the server to be rebooted. This does not happen to UNIX and Linux very often.
Performance is defined by the response time and the number of concurrent users that a system can support. Scalability is room for growth in a system. They are strongly associated with each other: if a system can be expanded, it can also achieve high performance, of course. It is generally agreed that NT has lower performance than Netware and is less scalable than UNIX. For instance, in 1999 Wireless One replaced eight NT servers at its headquarters with three Netware servers because NT could not handle the WAN connections to 23 Wireless One offices. Some Netware users reported that Netware 5.1 could support as many as 800 to 1000 users per server. NDS eDirectory could be scaled up to support 1 billion objects per tree. A UNIX server can easily be scaled up to 64 processors, but a Windows NT server hardly goes beyond four CPUs. Microsoft intends to dethrone UNIX by introducing Windows 2000 DataCenter. According to Microsoft, with proper configurations W2K DataCenter could be as scalable as UNIX.
Actually, in terms of robustness, availability and performance, older platforms such as IBM's mainframe and DEC's minicomputer are better. MVS/390 can be driven up to 90 percent utilization without loss of effectiveness and hardly ever crashes. VMS clustering can support multiple nodes to achieve extremely high availability. However, they are not servers or networks by the definition mentioned before.
There are two aspects of user friendliness, namely, ease of installation and ease of administration. For the first one, it is not surprising that the king is Macintosh. A Mac server can be installed and configured in just a few minutes. In regard to ease of administration, I endorse Netware. NDS centralizes all network resources and significantly reduces the time and cost of administration.
Interoperability and comprehensiveness
Interoperability is a modern term for compatibility, which is highly related to comprehensiveness. When a company provides a variety of products, a user can get a comprehensive package from just one vendor. And, ideally speaking, if all products are from the same vendor, it is more likely that they are compatible. However, it is difficult, if not impossible, for one single company to be the best in every field. Realistically, many organizations maintain heterogeneous computing platforms according to the nature of different tasks. If one does not have time to shop around, no doubt Microsoft provides a relatively comprehensive package, including network operating system, desktop operating system, web server, web browser, database, and so on.
| Criteria | Recommendation |
| --- | --- |
| Security | Novell Netware (File server), Mac (Web server) |
| Robustness and high availability | UNIX, Netware, Linux |
| Performance and scalability | UNIX |
| Ease of installation and configuration | Mac |
| Ease of administration | Novell Netware |
| Interoperability and comprehensiveness | Windows 2000/2003 Server |