Firewall Wizards mailing list archives
RE: The Morris worm to Nimda, how little we've learned or gained
From: "Paul D. Robertson" <proberts () patriot net>
Date: Sun, 6 Jan 2002 21:43:10 -0500 (EST)
On Sat, 5 Jan 2002, R. DuFresne wrote:
> It's even worse than that though. Even your 'average' unix admin installs most every package on the vendor's CD, and many even go through most all
Yep, part of the OBSD "not in a default install" success is that they don't install much by default. It'd be interesting to see the same stats for every OS with the same services which come by default in OBSD. I think there is value in the work that the OBSD team has done in providing platform assurance, but I think it needs to be tempered against application sets when comparisons are made.
> the 'ports' and install those too! I've banged my head far too many times when trying to get policies to a point where admins were 'supposed' to do installs on systems based upon the specific services those machines were supposed to be placed to support, and only those services. While at AT&T,
It gets worse when you go to things like Solaris where CDE abounds and the font server wants rpcbind.
> As long as CDs are put out with total distributions and full or 'port' code, getting systems up and running to support only the service the system was commissioned to support is a near impossibility. This is not just an issue at the desktop level for sure...
It's worse though when the vendor mandates it through chaining code. Exchange is probably the current canonical example (it wants SQL Server, IIS...). Solaris is a three day exercise to unwind enough stuff and compile IPFilter into the kernel to block enough to be comfortable, futz with runlevels... Scripting helps, but it's a real pain the first time through.
> While Paul makes some good points about end-user 'education' being a lost cause, education at the admin level certainly needs to be regeared I think, and hiring practices re-examined.
Absolutely. That's why despite my personal anti-certification stance[0], I've poured actual energy into my employer's "what a generic network admin needs to know about security" certification[1].

Paul

[0] Got none, want none, see little value in having them vs. experience.
[1] Ask me directly if you want to know and can't find it- the list doesn't need marketing material.
-----------------------------------------------------------------------------
Paul D. Robertson
proberts () patriot net
"My statements in this message are personal opinions which may have no basis whatsoever in fact."
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards