Firewall Wizards mailing list archives
RE: The Morris worm to Nimda, how little we've learned or gained
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Sat, 5 Jan 2002 15:18:32 -0500 (EST)
On Sat, 5 Jan 2002 Bill_Royds () pch gc ca wrote:
One thing that you don't mention is the ability to properly assume risk. This has been the problem with NIMDA in that many of the infected machines are running insecure default setups because the owners are not aware that they are even running HTTP servers. Because of the default install routines of Windows 2000 server, owners of servers can have software installed that they would not run if they were aware of the risk.
It's even worse then that though. Even your 'average' unix admin installs most every package on the vendors cd, and many even go through most all the 'ports' and install those too! I've banged my head far too many times when trying to get policies to a point where admins were 'supposed' to do installs on systems based upon the specific services those machines were supposed to be placed to support, and only those service. While at AT&T, for a time, I loved the lucent contractors we engaged, those kids fresh out of the military, most never haveing an MOS working in the IT field at all, that had gotten two weeks of 'intensive' training on how to handle the fw-1 GUI, and nothing more. No one really understood the difference that knowing how to setup rules was not exactly the same as knowing why a rule should or should not be setup. Firewalls into routers... These boys wanted to become unix savvy, and so spent day after day installing and reinstalling redhat or mandrake on their laptops <shakes his head>...to hell with customer calls, we're busy damnit! XDM was so popular, with the many variants of window managers that made them feel so windows like, mobile exploits on the backbone, ya gotta love it. As long as cd's are put out with total distributions and full or 'port' code, getting systems up and running to support only the service the system was commisioned to support in a near impossibility. This is not just an issue at the desktop level for sure... While Paul makes some good points about enduser 'education' being a lost cause, education at the admin level certainly needs to be regeared I think, and hiring practices re-examined. Thanks, Ron DuFresne -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: The Morris worm to Nimda, how little we've learned or gained Bill_Royds (Jan 06)
- RE: The Morris worm to Nimda, how little we've learned or gained R. DuFresne (Jan 06)
- RE: The Morris worm to Nimda, how little we've learned or gained Paul D. Robertson (Jan 07)
- Re: The Morris worm to Nimda, how little we've learned or gained Rich Kulawiec (Jan 07)
- Re: The Morris worm to Nimda, how little we've learned or gained Paul D. Robertson (Jan 08)
- Re: The Morris worm to Nimda, how little we've learned or gained Adam Shostack (Jan 08)
- Re: The Morris worm to Nimda, how little we've learned or gained R. DuFresne (Jan 09)
- Re: The Morris worm to Nimda, how little we've learned or gained Joseph S D Yao (Jan 09)
- RE: The Morris worm to Nimda, how little we've learned or gained Paul D. Robertson (Jan 07)
- RE: The Morris worm to Nimda, how little we've learned or gained R. DuFresne (Jan 06)