Re: [Full-Disclosure] Re: Pudent default security

From: Jay Sulzberger (jays_at_panix.com)
Date: 09/29/03

  • Next message: Michal Zalewski: "[Full-Disclosure] Re: Pudent default security - Was: CyberInsecurity: The cost of Monopoly"
    To: erc@pobox.com
    Date: Mon, 29 Sep 2003 00:41:35 -0400 (EDT)
    
    

    On Sun, 28 Sep 2003, Ed Carp wrote:

    > On Mon, 29 Sep 2003, Jay Sulzberger wrote:
    >
    > > > Yes, that is what I was trying to say, however lamely. The preponderance
    > > > of discussions and papers on security today focus on the network and how to
    > > > control the flow of data/packets. But in the final analysis, the problems
    > > > always come down to the individual machine, be it server or workstation.
    > > > Why aren't security ideas focusing on that problem primarily? Oh, we all
    > > > know you shouldn't run unnecessary services, but that's about as far as the
    > > > wisdom goes.
    >
    > And that's why the MS Blaster worm and variants have been so successful -
    > most admins think that because they have a properly configured firewall in
    > place, they're invulnerable - never realizing that all it takes is someone
    > with an infected laptop to plug in behind the firewall, and they're toast.
    > But it's somewhat understandable, because all the trade mags have been
    > harping on is a centralized firewall for years.
    >
    > > > IMO the vendors should be providing these types of tools as an integral
    > > > part of the OS in addition to shipping in an off-by-default model. It
    > > > should be trivial to "do security" in an OS. (It still blows my mind that
    > > > every WinXP box comes with UPnP on by default. RPC I can *almost*
    > > > understand, but UPnP???) I'm saying we need a paradigm shift in *thinking*
    > > > about how an OS should be configured out of the box *and* a paradigm shift
    > > > in the ease of configuration on an enterprise level.
    >
    > At least it comes with some sort of firewall - a step in the right
    > direction, I think. Too bad no one in my company runs XP - too
    > unstable...

    Tiny attribution alert: I wrote none of the words above.

    oo--JS.

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

