Firewall Wizards mailing list archives

RE: The Morris worm to Nimda, how little we've learned or gained


From: "R. DuFresne" <dufresne () sysinfo com>
Date: Sat, 5 Jan 2002 15:18:32 -0500 (EST)

On Sat, 5 Jan 2002 Bill_Royds () pch gc ca wrote:


> One thing that you don't mention is the ability to properly assume risk.
> This has been the problem with NIMDA in that many of the infected machines are
> running insecure default setups because the owners are not aware that they are
> even running HTTP servers.
> Because of the default install routines of Windows 2000 server, owners of
> servers can have software installed that they would not run if they were aware
> of the risk.


It's even worse than that though.  Even your 'average' unix admin installs
most every package on the vendor's CD, and many even go through most all
the 'ports' and install those too!  I've banged my head far too many times
when trying to get policies to a point where admins were 'supposed' to do
installs on systems based upon the specific services those machines were
supposed to be placed to support, and only those services.  While at AT&T,
for a time, I loved the Lucent contractors we engaged, those kids fresh
out of the military, most never having an MOS working in the IT field at
all, that had gotten two weeks of 'intensive' training on how to handle
the FW-1 GUI, and nothing more.  No one really understood the
difference: that knowing how to set up rules was not exactly the same as
knowing why a rule should or should not be set up.  Firewalls into
routers...  These boys wanted to become unix savvy,
and so spent day after day installing and reinstalling RedHat or Mandrake
on their laptops <shakes his head>...to hell with customer calls, we're
busy, damnit!  XDM was so popular, with the many variants of window
managers that made them feel so Windows-like; mobile exploits on the
backbone, ya gotta love it.

As long as CDs are put out with total distributions and full or 'port'
code, getting systems up and running to support only the service the
system was commissioned to support is a near impossibility.  This is not
just an issue at the desktop level, for sure...

While Paul makes some good points about end-user 'education' being a lost
cause, education at the admin level certainly needs to be re-geared, I
think, and hiring practices re-examined.

Thanks,

Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior consultant:  sysinfo.com
                  http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!
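An added check in the spirit of both posts above (not code from the list or either author): it compares what a host is actually listening on with the services that host was commissioned to support, so an HTTP server left behind by a default install shows up as unexpected. The `ss -ltnp` output and the role manifest are constructed samples, not captured from a real host.

```python
"""Audit listening services against the services a host is commissioned to run."""
import re

# Constructed sample of `ss -ltnp` output for a host commissioned only as a DNS server.
# The owner knows about named and sshd; httpd and the java listener came from
# a "install everything" build and were never meant to be there.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:53          0.0.0.0:*         users:(("named",pid=812,fd=21))
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=700,fd=3))
LISTEN 0      511    0.0.0.0:80          0.0.0.0:*         users:(("httpd",pid=1203,fd=4))
LISTEN 0      128    [::]:8080           [::]:*            users:(("java",pid=1450,fd=12))
"""

# Hypothetical role manifest: the TCP ports a host of each role is commissioned to expose.
ROLE_MANIFEST = {
    "dns": {53, 22},        # named plus ssh for administration
    "web": {80, 443, 22},
}

# Matches one LISTEN line: local address, port, and the first process name in users:(...).
LINE_RE = re.compile(r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+users:\(\("([^"]+)"')


def parse_listeners(ss_output):
    """Return [(port, process), ...] for every LISTEN line in ss -ltnp output."""
    listeners = []
    for line in ss_output.splitlines():
        m = LINE_RE.match(line)
        if m:
            listeners.append((int(m.group(2)), m.group(3)))
    return listeners


def unexpected_listeners(ss_output, role):
    """Listeners the role manifest does not sanction, sorted by port.

    These are the services an owner may not realise the machine is running."""
    allowed = ROLE_MANIFEST[role]
    return sorted((port, proc) for port, proc in parse_listeners(ss_output)
                  if port not in allowed)


if __name__ == "__main__":
    for port, proc in unexpected_listeners(SAMPLE_SS_OUTPUT, "dns"):
        print(f"not commissioned for role 'dns': {proc} listening on tcp/{port}")
```

On a real host, feed it the output of `ss -ltnp` and the role the machine was built for; anything it reports is either an undocumented requirement or a service that should be removed.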

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards