IDS mailing list archives

Re: Rather funny; looks like page defacement to me


From: "Bill Royds" <Bill () royds net>
Date: Tue, 17 Jun 2003 17:07:06 -0400

Unfortunately this message seems to indicate that I said that sysadmins who
didn't understand TCP/IP were dolts. It was actually the person who was
quoting me. What I said in the first place is that foisting IDS systems on
sysadmins who have too many other things to do is a costly mistake.
Either the company has to hire a costly IDS expert or they have an IDS that
provides no value to them.


----- Original Message ----- 
From: "Paul Schmehl" <pauls () utdallas edu>
To: <miburo () singnet com sg>; <broyds () rogers com>
Cc: <focus-ids () securityfocus com>
Sent: Tuesday, June 17, 2003 10:54 AM
Subject: Re: Rather funny; looks like page defacement to me


I'm not picking on you.  You just happened to be the one that articulated
it, OK?

I see this attitude a lot, and it troubles me a great deal.  I think all
too often we "IT people" get isolated from the real world and think that
everyone else should be just like us.

An admin who doesn't know TCP/IP?  There are many.  The norm in most small
companies is to "promote" the "computer guy" to the IT slot when they can
afford one (and often when they can't afford one this person works
"part-time" in computers.)  Oftentimes this guy (or gal) just knows more
about computers than most people in the office, but they're a long way from
trained on networking and TCP/IP, security, etc.

Yet they are expected to perform and "get the job done" without any
training or preparation.  They spend many sleepless nights reading books,
trying to learn the myriad of things that they have to know to protect
their companies.  On top of all that pressure, they have the pressure from
their *peers* constantly denigrating them because they don't know enough.

When is the last time *you* took time to teach someone who was less
knowledgeable than you?  When is the last time *you* were responsible for
*everything*?  Mail, web, DNS, networking, routers, switches, wiring, IDS,
firewall, virus protection, OS updates and patches, backups, disaster
recovery, printers, faxes, applications, hardware repairs, etc., etc.?
Most of these folks are doing *all* of that, *by themselves*, because
that's *all* their companies can afford.  And they're doing yeoman duty for
2/3rds the pay that the high-paid pros are.

I took on the task of trying to help one of these types of people (because
he emailed me privately with a question about snort), and I quickly
realized what a daunting task it is for him.  He had to learn Unix, mysql,
snort, apache, sendmail and TCP/IP all at the same time.  Yet he tackled it
with enthusiasm and he's making great progress.

He's the "computer guy" in a small architectural firm, and he got the job
because he was constantly helping people in the office who had computer
problems.  Once they decided they *had* to have an Internet presence, he
was tapped for the job.

If you want our profession to improve, the onus is on *you* to do something
about it.  Criticism is easy.  Anybody can do that.  Teaching others what
you know and helping them get up to speed is much more difficult and time
consuming.  It's also a great deal more fulfilling *and* humbling.  There's
no better way of realizing the gaps in your own knowledge than trying to
teach someone else.

Instead of wallowing in your smug self-righteousness, going home after work
and complaining about "them", get out there and make a friend.  Teach one
of those poor "draftees" how to protect their enterprise.  (Trust me,
they're no threat to you professionally.)

--On Sunday, June 15, 2003 12:02:02 PM +0800 Callan K L Tham
<miburo () singnet com sg> wrote:


On Saturday 14 June 2003 03:48, broyds () rogers com wrote:

I agree that the average sysadmin might not be able to handle an IDS
straight off. But an admin who doesn't understand TCP/IP? Why does he even
have a job?  Oh wait...that explains the countless amount of codereds and
nimdas and sadminds I see _every_ day....

If the arguments are admin incompetence and poorly-designed networks,
then they do not hold water. A company who doesn't care about its IT
infrastructure deserves to be cracked; and admin who doesn't know TCP/IP
(I got a good laugh from that) should be paraded on the streets and
flogged.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu

-------------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
world's premier technical IT security event! 10 tracks, 15 training sessions,
1,800 delegates from 30 nations including all of the top experts, from CSO's to
"underground" security specialists.  See for yourself what the buzz is about!
Early-bird registration ends July 3.  This event will sell out. www.blackhat.com
-------------------------------------------------------------------------------

