[snip,snip]
"Marcus J. Ranum" wrote:
> Nothing's perfect. One of the reasons I've been focussing my
> energy on audit/intrusion detection is because I realized that
> nobody has a clue how bad security _really_ is.
Not only that, but many are falling into the trap where they THINK they are
secure, but they are really "owned", and have been for a while...
Some sites go for months, even years, without the attacker making use of the
compromised systems back door.
One ISP I know of still uses plain text telnets when connecting to admin accounts
on their "internal" lan since they "don't allow collocated servers", and still
boast that they are secure with the "highest level of security reasonably
possible"...
The way that most current applications work is such that a firewall does not stop
things... It may slow it down a little, maybe enough so that it can be detected,
but stop it completely... no... I agree with the term that someone here coined a
while back {sorry, don't remember who it was...}... To paraphrase "They should
not be called firewalls, but firesieves".....
Still firesieves ARE needed, just don't let them put you in the false sense of
security.... (which is why active intrusion detection is needed... Know your
systems well... (There are some machines out there where the admins NEVER log in
after initial setup, and are not familiar with how their systems work under
NORMAL situations, and thus may not notice when a problem is occurring)
PS: I have learned it the "hard way".... so I now ALWAYS use SSH to connect.....
--
-
Sami Yousif
mailto:[EMAIL PROTECTED]
mailto:[EMAIL PROTECTED]
http://www.mav.net/teddyr/syousif/ Personal Page
http://www.alug.org/ Amarillo Linux Users Group
[eMail sent to any of my addresses is subject to the Conditions outlined
in http://www.mav.net/teddyr/emailtos.shtml]
[Note: I no longer personally support ARNet (arn.net) as an ISP nor WTAMU
(wtamu.edu) as an educational institution nor LEK (lektech.com) as a
Computer Supplier] {http://www.mav.net/teddyr/access/banned.shtml}
[heard somewhere: "You have the right to remain clueless. Anything you
know may be used against you in a court of law"]
Another day, so many more LARTS to go. [BOFH, BUFH, JOAT]
"Understanding is a three edge sword: Our side, Their Side, and the
Truth" Babylon 5
<time is on my side>
Tuesday, January 19th 2038, 03:14:07 UTC: Are YOU Ready?
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
