On Sun, 28 Sep 2003, Ed Carp wrote:
> On Mon, 29 Sep 2003, Jay Sulzberger wrote:
>
> > > Yes, that is what I was trying to say, however lamely. The preponderance
> > > of discussions and papers on security today focus on the network and how to
> > > control the flow of data/packets. But in the final analysis, the problems
> > > always come down to the individual machine, be it server or workstation.
> > > Why aren't security ideas focusing on that problem primarily? Oh, we all
> > > know you shouldn't run unnecessary services, but that's about as far as the
> > > wisdom goes.
>
> And that's why the MS Blaster worm and variants have been so successful -
> most admins think that because they have a properly configured firewall in
> place, they're invulnerable - never realizing that all it takes is someone
> with an infected laptop to plug in behind the firewall, and they're toast.
> But it's somewhat understandable, because all the trade mags have been
> harping on is a centralized firewall for years.
>
> > > IMO the vendors should be providing these types of tools as an integral
> > > part of the OS in addition to shipping in an off-by-default model. It
> > > should be trivial to "do security" in an OS. (It still blows my mind that
> > > every WinXP box comes with UPnP on by default. RPC I can *almost*
> > > understand, but UPnP???) I'm saying we need a paradigm shift in *thinking*
> > > about how an OS should be configured out of the box *and* a paradigm shift
> > > in the ease of configuration on an enterprise level.
>
> At least it comes with some sort of firewall - a step in the right
> direction, I think. Too bad no one in my company runs XP - too
> unstable...

Tiny attribution alert: I wrote none of the words above.

oo--JS.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
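The thread's point is that a perimeter firewall says nothing about what a host itself exposes to an infected laptop on the same segment. The check below is an added example, not code from the thread or from any of its participants: it parses Windows-style `netstat -an` output and reports every socket bound to a non-loopback address that is not on an explicit allowlist. The sample output, the port-to-service table and the allowlist are constructed for illustration and are assumptions, not a vendor list.

```python
"""Host-level listener audit: report services reachable from the LAN
regardless of what the perimeter firewall permits.

Added example for the Full-Disclosure thread above, not code from the
thread itself. KNOWN_PORTS and the allowlist are illustrative assumptions.
"""
import re
from dataclasses import dataclass

# Constructed sample of `netstat -an` output in the Windows XP era format.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1031      192.168.1.1:80         ESTABLISHED
  UDP    0.0.0.0:1900           *:*
  UDP    127.0.0.1:123          *:*
"""

# Assumed mapping of the ports the thread worries about to service names.
KNOWN_PORTS = {
    ("TCP", 135): "MSRPC endpoint mapper (Blaster's entry point)",
    ("TCP", 445): "SMB over TCP",
    ("TCP", 5000): "UPnP device host",
    ("UDP", 1900): "SSDP / UPnP discovery",
}

# Proto, local addr:port, foreign addr:port, optional state (UDP has none).
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


@dataclass(frozen=True)
class Listener:
    proto: str
    addr: str
    port: int

    @property
    def lan_reachable(self) -> bool:
        # A wildcard or non-loopback bind is reachable by any host on the segment.
        return not self.addr.startswith("127.")


def parse_listeners(netstat_output: str) -> list[Listener]:
    """Return sockets that accept inbound traffic.

    TCP counts only in LISTENING state; UDP sockets carry no state in this
    format, so every bound UDP socket counts.
    """
    found = []
    for line in netstat_output.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, addr, port, _foreign, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue
        found.append(Listener(proto, addr, int(port)))
    return found


def audit(netstat_output: str, allowlist: set[tuple[str, int]]) -> list[str]:
    """Report LAN-reachable listeners that are not explicitly allowed."""
    findings = []
    for l in parse_listeners(netstat_output):
        if not l.lan_reachable or (l.proto, l.port) in allowlist:
            continue
        name = KNOWN_PORTS.get((l.proto, l.port), "unknown service")
        findings.append(f"{l.proto}/{l.port} bound to {l.addr}: {name}")
    return findings


if __name__ == "__main__":
    # Assumed policy: on this workstation only SMB may be reachable from the LAN.
    for finding in audit(SAMPLE_NETSTAT, allowlist={("TCP", 445)}):
        print("EXPOSED", finding)
```

Run against a real box, the output is the list of things an infected laptop plugged in behind the firewall can talk to directly; on the constructed sample it flags RPC on 135 and the two UPnP sockets, which is exactly the "on by default" surface the thread complains about.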
