Educause Security Discussion mailing list archives
Re: Improving the Security of Windows Platforms
From: Professor George Davida <davida () CSD UWM EDU>
Date: Mon, 22 Mar 2004 09:56:55 -0600
"Computer Operators", sometimes called "Sysadmins", need to know a lot more than what a program is. That is somewhat like saying "medical professionals" need to know something about human anatomy! Well they have very specific degree requirements: MD, RN,... not some "communication" graduate who read books on biology and needs to know what an organ is....

They really need to be computer science graduates, if they are to perform the tasks of securing systems, with a good background in computer security fundamentals. Unfortunately that is not going to fly with the industries' penchant for cheap labor. Large corporations (such as a financial securities corporations I know about) hire English majors who learned to configure their windows, unix or whatever on their own, as security officers. This won't change until shareholders (and consumers) file suit for losses against these corporations, losses due to decreased productivity, loss of data or outright theft of IP.

At my university, the staff have done nothing recently but go around cleaning machines and installing yet another copy of Norton. There is no real work of improving the software environment to support education/research needs, just fire fighting. I have not computed the cost of all these well paid folks in this effort, but I would guess it is very high.

It is amazing that people sue for a hot cup of coffee spilling on an older lady, but don't for loss of billions from incompetent management or badly designed software/hardware. There needs to be lawsuits against Microsoft and other hardware/software vendors for these losses, and soon.

George Davida
From: Gary Flynn <flynngn () JMU EDU>
Date: Sun, 21 Mar 2004 19:32:10 -0500
Subject: Re: [SECURITY] Improving the Security of Windows Platforms

6. USER EDUCATION AND SECURITY AWARENESS

6.1 Work with Higher Ed to create effective educational materials to increase (a) understanding of what a computer is, and (b) security and "good driving" principles. Written, streaming video, CD-ROM, and DVD versions should be available. A goal is "technology literacy" as well as doing the right thing with regard to security and configuration. The resulting material should be freely reproducible.

Most importantly, computer operators need to understand the concept of a program and what it is capable of doing (anything). I know it sounds simple but there are a lot of people who don't understand. Then follow that up with where programs can be found and what is involved in trusting them. Without a strong understanding of that concept, an operator is reduced to a mindless button pusher and no amount of lists of "safe or unsafe behavior" will be sufficient as other things change too rapidly.

Other important concepts include:

- client server
- use of privileged vs non-privileged accounts

Then, the threat environment must be explained in great detail and with examples of incidents and repercussions.
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Improving the Security of Windows Platforms Rodney Petersen (Mar 19)
- <Possible follow-ups>
- Re: Improving the Security of Windows Platforms Melissa Guenther (Mar 19)
- Re: Improving the Security of Windows Platforms Randy Marchany (Mar 19)
- Re: Improving the Security of Windows Platforms Davina Pruitt-Mentle (Mar 21)
- Re: Improving the Security of Windows Platforms Gary Flynn (Mar 21)
- Re: Improving the Security of Windows Platforms Professor George Davida (Mar 22)