Re: Changes in IDS Companies?

From: J. Foobar (jfoobar1@yahoo.com)
Date: 10/31/02


Date: Thu, 31 Oct 2002 00:05:04 -0800 (PST)
From: "J. Foobar" <jfoobar1@yahoo.com>
To: Aaron Turner <aturner@pobox.com>, focus-ids@securityfocus.com

To elaborate even further on your points here, which I
agree with:

The primary responsibility of your average
Solaris/Linux/NT admin, both as they and as management
see it, is not to keep their boxes secure.

*gasp* *shocked look*

The frequency with which some of the major OSes have
new patches released, especially Solaris just lately,
is enough to create somewhat of a boy-who-cries-wolf
condition in almost anyone.

Plus, these servers are not just base OSes running
nothing else. They are there for a reason, usually to
offer one or more application-based (often 3rd party
apps) to internal or external customers.

OS patches can break stuff. Admins know it, and they
are cautious and deliberate about applying them (at
best). If they rightfully insist on careful testing
of patches on lab machines and if this activity only
relates to a secondary job responsibility (security)
and they are already overworked to begin with, this
translates into weeks and weeks before these patches
get installed on production systems.

We make sure that the admins, and their management,
know about new relevant security vulnerabilities via
an internal advisory email distrib list.

--- Aaron Turner <aturner@pobox.com> wrote:
> I've never met any admin of any OS (Solaris, Linux,
> Windows mostly) who
> claimed that he/she had patched all of the servers
> within 24 hours of a
> patch on a regular basis. Most wouldn't even claim
> 7 days or even a few
> weeks. Is this best-practices? Not even close. Is
> it the reality?
> Absolutely, especially since most companies don't
> have their IT group
> fully staffed due to the economy.
