Re: [fw-wiz] concerning ~el8 / project mayhem

From: Dave Piscitello (dave@corecom.com)
Date: 08/22/02


From: Dave Piscitello <dave@corecom.com>
To: Anton J Aylward CISSP <aja@si.on.ca>
Date: Thu Aug 22 11:52:32 2002

Certainly.

I've helped a handful of very small businesses run by friends and church
associates. (Help is distinguished from consulting by the fee charged,
e.g., beer vs. money)

These are mostly Microsoft Windows shops. They are business people who have
DSL/EtherLoop access and I've installed SOHO firewalls for them.

Common properties:
- A/V is not on all computers, and virus definitions aren't up to date on
those that have A/V
- every WinOS setting is set at defaults
- no system is passworded
- no one has any idea whatsoever what a security/hot fix is, or why they'd
install a service pack

IMO this is not a good computing environment, and I encourage them to run
Microsoft's Baseline Security Analyzer and several simple and free
vulnerability assessment tools on their computers. Small business IT's like
training children to have good hygiene early.

What's much more worrisome to me for such businesses is that they often
purchase some vertical application software (real estate, credit card
database, mortgage processing, medical) that runs on Linux, BSD, or SCO.

What's common on these machines:
- default *NIX configuration, dozens of services running, guest accounts, etc.
- the vendor insists that services like telnet/rcp, etc. be accessible
through the firewall so that they can service the machine. In some
instances, the application refers out to other servers.
- no one in the company can distinguish SCO from a scone...

Here's where I'd love to have Paul's "harden the server in 2 minutes"
vulnerability assessment and mediation skills.

Confession. I would not classify myself as an outstanding *NIX admin. I
make use of assessment tools on these and "sandbox" machines in my office
to hopefully raise my competency to a level that is at least the value of a
beer to my friends. Fortunately, I am often able to browbeat vendors into
using SSH over telnet, and I implement as stringent a firewall policy as
possible. So far, everyone's been able to stay off the radar.

We too often think of competency in terms of our own skill sets, enterprise
budgets (lame though they may be, they are worlds better than what
companies with annual earnings of six figures can afford), and (praise the
vendor) evaluation equipment.

At 10:09 PM 8/21/2002 -0400, Anton J Aylward CISSP wrote:
>On Wed, 2002-08-21 at 17:57, Dave Piscitello wrote:
> > Scanners raise the competency levels of individuals who aren't quite as
> > capable as Paul and others he and we might all identify as his equals.
>
>Interesting assertion. Could you explain it please.
>
>/anton

David M. Piscitello
Core Competence, Inc. &
3 Myrtle Bank Lane
Hilton Head, SC 29926
dave@corecom.com
843.689.5595
www.corecom.com


