Firewall Wizards mailing list archives

Re: Worms, Air Gaps and Responsibility


From: Nate Campi <nate () campin net>
Date: Wed, 19 May 2004 23:17:22 -0700

On Wed, May 19, 2004 at 11:27:10AM -0400, Dana Nowell wrote:
> But the community as a whole doesn't agree on a common set of best
> practices.  Like you said, there are "plenty of information about best
> practices out in the wild - and increasing awareness and
> implementation", the implication being that there isn't a base set of
> rules for say small business and that what few 'rules' people do agree
> on are not well sorted from the 'but I think' stuff.  If it was, it
> would start showing up in places (contracts, discussion on VPN
> implementations, business (not security) surveys, ...) and I don't see
> it.

The damnedest thing happened to me a couple days ago. I went over to my
80-year-old grandfather's house to look at his PC which had trouble
after a Windows Update (possibly the first time it was ever run on a Win
ME system). I told him how important it was to update his software
regularly, since he connected it directly to a cable modem.

He kinda laughed, and told me that all his important documents were
created on his old Macintosh which was never hooked up to the internet.
He made backups of his documents on a floppy disk and gave them to his
daughter in case anything happened at his home. He didn't really care
too much about the PC he used every couple days for email, and he made
sure to never open any attachments he wasn't sure about, any more than
he would accept items from a stranger on the street.

I told him that what he just told me takes many internet security
professionals years to figure out, and many network administrators never
figure it out at all. 

When I think about where the majority of a security manager's time is
spent, I see that it is mostly about convincing others to design
security into all their products and processes, and that basic security
is mostly about common sense practices. If I'm not careful he might take
my job!
-- 
Nate

"There are two major products that come out of Berkeley: LSD and UNIX. 
We don't believe this to be a coincidence."      -- Jeremy S. Anderson

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

