IDS mailing list archives
Re: Rather funny; looks like page defacement to me
From: Paul Schmehl <pauls () utdallas edu>
Date: Tue, 17 Jun 2003 09:54:50 -0500
I'm not picking on you. You just happened to be the one that articulated it, OK?
I see this attitude a lot, and it troubles me a great deal. I think all too often we "IT people" get isolated from the real world and think that everyone else should be just like us.
An admin who doesn't know TCP/IP? There are many. The norm in most small companies is to "promote" the "computer guy" to the IT slot when they can afford one (and often when they can't afford one this person works "part-time" in computers.) Oftentimes this guy (or gal) just knows more about computers than most people in the office, but they're a long way from trained on networking and TCP/IP, security, etc.
Yet they are expected to perform and "get the job done" without any training or preparation. They spend many sleepless nights reading books, trying to learn the myriad of things that they have to know to protect their companies. On top of all that pressure, they have the pressure from their *peers* constantly denigrating them because they don't know enough.
When is the last time *you* took time to teach someone who was less knowledgeable than you? When is the last time *you* were responsible for *everything*? Mail, web, DNS, networking, routers, switches, wiring, IDS, firewall, virus protection, OS updates and patches, backups, disaster recovery, printers, faxes, applications, hardware repairs, etc., etc.? Most of these folks are doing *all* of that, *by themselves*, because that's *all* their companies can afford. And they're doing yeoman duty for 2/3rds the pay that the high-paid pros are.
I took on the task of trying to help one of these types of people (because he emailed me privately with a question about snort), and I quickly realized what a daunting task it is for him. He had to learn Unix, mysql, snort, apache, sendmail and TCP/IP all at the same time. Yet he tackled it with enthusiasm and he's making great progress.
He's the "computer guy" in a small architectural firm, and he got the job because he was constantly helping people in the office who had computer problems. Once they decided they *had* to have an Internet presence, he was tapped for the job.
If you want our profession to improve, the onus is on *you* to do something about it. Criticism is easy. Anybody can do that. Teaching others what you know and helping them get up to speed is much more difficult and time consuming. It's also a great deal more fulfilling *and* humbling. There's no better way of realizing the gaps in your own knowledge than trying to teach someone else.
Instead of wallowing in your smug self-righteousness, going home after work and complaining about "them", get out there and make a friend. Teach one of those poor "draftees" how to protect their enterprise. (Trust me, they're no threat to you professionally.)
--On Sunday, June 15, 2003 12:02:02 PM +0800 Callan K L Tham <miburo () singnet com sg> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday 14 June 2003 03:48, broyds () rogers com wrote: I agree that the average sysadmin might not be able to handle an IDS straight off. But an admin who don't understand TCP/IP? Why does he even have a job? Oh wait...that explains the countless amount of codereds and nimdas and sadminds I see _every_ day.... If the arguments are admin incompetence and poorly-designed networks, then they do not hold water. A company who doesn't care about it's IT infrastructure deserves to be cracked; and admin who doesn't know TCP/IP (I got a good laugh from that) should be paraded on the streets and flogged.
Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu -------------------------------------------------------------------------------Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com
-------------------------------------------------------------------------------
Current thread:
- Re: Rather funny; looks like page defacement to me, (continued)
- Re: Rather funny; looks like page defacement to me George W. Capehart (Jun 17)
- Gartner comments (was Re: Rather funny; looks like page defacement to me) Randy Taylor (Jun 17)
- Re: Rather funny; looks like page defacement to me broyds (Jun 14)
- RE: IDS failures and avoiding them (WAS: Rather funny; looks like page defacement to me) Mike Lyman (Jun 17)
- RE: IDS failures and avoiding them (WAS: Rather funny; looks like page defacement to me) Jim Butterworth (Jun 17)
- RE: IDS failures and avoiding them (WAS: Rather funny; looks like page defacement to me) Angel Rivera (Jun 17)
- RE: IDS failures and avoiding them (WAS: Rather funny; looks like page defacement to me) Mike Lyman (Jun 17)
- RE: Rather funny; looks like page defacement to me Roger A. Grimes (Jun 17)
- Re: Rather funny; looks like page defacement to me Bill Royds (Jun 17)
- RE: Rather funny; looks like page defacement to me Roger A. Grimes (Jun 17)
- Re: Rather funny; looks like page defacement to me Callan K L Tham (Jun 17)
- Re: Rather funny; looks like page defacement to me Paul Schmehl (Jun 17)
- Re: Rather funny; looks like page defacement to me Bill Royds (Jun 18)
- Re: Rather funny; looks like page defacement to me Callan K L Tham (Jun 18)