Re: Controversial paper - Good response article on ZDNet
From: Mack (macckone_at_a_nospamjunk123_ol.com)
Date: 10/13/03
- Next message: wrong way philbin: "Re: David Wagner where are you?"
- Previous message: David A. Scott: "Re: AES optimizations for different implemenations"
- In reply to: George Ou: "Re: Controversial paper - Good response article on ZDNet"
- Next in thread: Mok-Kong Shen: "Re: Controversial paper - Good response article on ZDNet"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 13 Oct 2003 14:12:25 GMT
On Sun, 12 Oct 2003 07:27:06 GMT, George Ou
<533george_ou234@netzero234.com> wrote:
>On Sun, 12 Oct 2003 06:28:22 GMT, Mack
><macckone@a_nospamjunk123_ol.com> wrote:
>
>>There has been a lot of talk about blended threats lately, mostly in
>>the context of worms that try multiple attacks against a single OS but
>>dual OS blended threats aren't exactly a new worry. The ideal
>>situation is good administration but neither unix nor windows lends
>>itself to good administration although both are getting better. In
>>this respect I would have to say windows is improving faster.
>
>I agree with you on that. I think it's because of the extra pressure
>MS is facing that is forcing them to improve at a faster pace. The
>day that a Windows worm turns around and attacks Solaris machines on
>typical things like Solaris RPC, Sun's version of Sendmail, Oracle's
>bundled version of 1 year outdated Apache for their 11i app server
>which Oracle DBAs are afraid to patch because it might break
>something, you will see the apocalypse.
>
>The day will also come when Windows worms trunk themselves into a
>Cisco switch and nuke all VLANs because Cisco switches are wide open
>by default, or launch MAC flooding attacks, or launch DoS attacks on
>Cisco IOS for switches and routers, or perform a spanning tree
>attack, you will again see heads roll.
>
>2 years ago, a Solaris worm actually went around defacing IIS sites.
>It's only a matter of time before that favor is returned 100 fold.
>
Something we agree on :)
I don't know if I should pack up for the hills now or
send the devil a sweater :)
>>>If you really care about computer security, go to SANS or Cert.org and
>>>implement all the best practices and harden everything and patch
>>>everything. I'm interested in real security, things like implementing
>>>malicious code scanners at the HTTP, FTP, and SMTP gateways.
>>>Implement network IDS systems. Implement a proper network design that
>>>mitigates the DoS effects of things like blaster. Implement routine
>>>vulnerability scans of your entire network. I don't care for this
>>>CCIA diatribe. I care about real security, and that has very little
>>>to do with if you're in the MS, OSS, Sun, Oracle, or IBM camp.
>>>
>>>
>>>George Ou
>>>http://www.LANArchitect.net
>>
>>MS is the biggest target because they have a monopoly. If
>>Oracle succeeds in taking over PeopleSoft they are likely to become
>>a major target as well. The paper was trying to make the point that
>>diversity is good, monoculture is bad. I have already said I don't
>>think there is an easy solution. Expecting every user to become
>>proficient in good security is totally ridiculous.
>
>People that hack Oracle and Sun flaws do so for financial gain, and
>are very unlikely to make noise. People who hack IIS or write worms
>want to say "hi mom", or "hey administrator, you're an idiot". Just
>look at that wannabe idiot that got caught making a cheap variant of
>Blaster.
>
>If you believe it's too complex to ask people to turn on Windows XP
>ICF (Internet Connection Firewall), I don't see how you can claim that
>it would be better if they ran on different OSes and Office apps.
>
>Bottom line, you're asking for security through diversity (or
>obscurity). I'm calling for real security, independent of platform.
>
I agree. But given the current environment real security
is unlikely to happen.
>>Critical infrastructure already has a great deal of diversity.
>>Unfortunately far more of the global community consists of
>>home users who are completely clueless.
>
>The hell it's diverse, Cisco switches and routers run the internet.
>The reason that is fairly resilient is because the people that run
>them are systematic and take security extremely seriously. It has
>nothing to do with diversity.
>
As the switches and routers get more complex this becomes a bigger
and bigger issue. Other companies also make switches and routers.
Lucent and Juniper to name two. Many MS and Linux computers
function as routers.
I can't quote market share. Not sure if anyone's figures are
trustworthy. Any idea what the real numbers are?
Not the Cisco marketing data. Of course they are several
months behind on deliveries.
The people on the backbones are systematic and take security
seriously. I agree there. A lot of POPs don't. But they tend to use
whatever is cheapest, i.e. brands I have never even heard of.
>
>
>George Ou
>http://www.LANArchitect.net
Dang, is there a fix for that damn patch that was screwed up?
Explorer crashed again. The second patch didn't fix the problem.
:(
Hope this goes out.
Leslie 'Mack' McBride
remove text between _ marks to respond via e-mail