RE: RE: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!

["Schmehl, Paul L" <pauls () utdallas edu>]

We have found this approach to be the most successful one.  Once we can
get them to understand what's being done to their machines on a routine
basis (scans, probes, attempted hacks, etc.) and what it costs to fix
them, they're more amenable to the idea of us protecting them from all
that mess.

It's hard work but well worth it.

Thanks for sharing that Karl.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/~pauls/
AVIEN Founding Member

-----Original Message-----
From: Karl A. Krueger [mailto:kkrueger () outbox whoi edu] 
Sent: Monday, January 27, 2003 9:27 AM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] RE: RE: MS SQL WORM IS DESTROYING INTERNET
BLOCK PORT 1434!

The issue for us was similar to that M. Schmehl describes.  Faculty at a
university, or scientists and engineers at a research institution, are
not simply employees of the institution.  They -are- the institution;
their work drives it; their creativity brings in the grants.  In such an
environment, it is utterly inappropriate for the institution's IT staff
to tell them what they may or may not do with the network.  Berating
them for being security-clueless won't help, either.  If you want them
to approve of a default-deny firewall, you need to convince them of
several things:
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html