I thought about that phrase. I felt - If they don't have competent
people, they don't have very good judgment and cannot read through the
B.S. on a resume.

In that case, they should close their network and stay off the internet.

I would wager that about 60 - 70% of system administrators and network
engineers are not doing their job as well as needs demand.

Sometimes this is because they are overworked, sometimes it's because
they are lazy.

A huge part of those jobs (I am in the same business) is making certain
everything is patched and current and that the antivirus software is
working (NEVER ASSUME). Then comes dealing with the rest of security -
Audits, firewall upgrades, router monitoring...

If all you (admins and engineers) do is the fun stuff, things will soon
break! GUARANTEED!!!

Nobody is perfect. 

EVERYONE - Please do your best as we all suffer when you do not.

If every sys admin had done their job right, viruses like Melissa,
lovebug, KLEZ and CODE BLUE/RED would never have gotten as prevalent on
the net as they did.

Furthermore, MAKE CERTAIN EVERY PIECE OF HARDWARE EXPOSED TO THE
INTERNET DOES NOT ALLOW RELAY! If everyone checked for this, SPAM and
hacker emails would be cut down by almost 80%.

These issues are not new. They are however ignored and neglected by
many.

I am not perfect, I too make mistakes. But, I learn from them and try to
avoid repeating them again.

Sorry for the dissertation.

Danny H. Cox

-----Original Message-----
From: Stephen Bradley [mailto:[EMAIL PROTECTED]] 
Sent: Friday, August 16, 2002 9:37 AM
To: Cox, Danny H.; Ted Bardusch
Cc: [EMAIL PROTECTED]
Subject: RE: AW: [gb-users] win2K security problems, the facts!

i agree with danny on everything except i would have said "trust
the competent people you hire to do the job right".  i spent a lot
more than 30 hours repairing the damage done after a local consultant
put an allow any any rule on the outside interface of a pix firewall.

and as far as not interfering with my work.  let them.  they are the
ones paying the bill and they "are" the customers.  all you can do
is give good advice and point out best practices.  if they don't
want to follow the advice, well, i have the name of a good pix firewall
installation company.  :-)

steve

-----Original Message-----
From: Cox, Danny H. [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 16, 2002 12:28 PM
To: Ted Bardusch
Cc: [EMAIL PROTECTED]
Subject: RE: AW: [gb-users] win2K security problems, the facts!


What everyone is forgetting:

1.      Microsoft Windows "out of the box" installs tend to be wide
open.

2.      Services like ftp, telnet, www, Indexing, remote access, remote
registry, routing & remote access, RPC, Windows Mgmt, Installer and
Scheduler all have known hacks and all (mostly) are open to
access/exploits "out of the box".

3.      There is also a little known issue with the IP stack in NT that
requires a "hot fix". It implements a new randomizer.

4.      Even Linux systems are prey to attack

After having a customer demand I open a couple of ports (against my
stern warnings) to a Linux web server (20,21,23,25), their server was
hacked in less than 29 hours. The net result - They learned a big lesson
(trust the people you hire to do the job right - don't interfere). In
the end it cost about 30 man hours to undo the damage caused.

Anyone that ignores the risks and walks headstrong into a lion's den
deserves to get eaten.

Systems are faster and perform tasks without judgment. They are only as
smart as those using them.

I would never put a system in front of a firewall - REGARDLESS. There
are far too many tools available to get the job done right.

Oh, By The Way (BTW)
Yes, you can nail down a Windows system - It's almost unusable, but you
can.
The same is true for almost every O.S. out there.

Danny H. Cox

-----Original Message-----
From: Ted Bardusch [mailto:[EMAIL PROTECTED]] 
Sent: Friday, August 16, 2002 8:47 AM
To: Marc Suxdorf
Cc: Mike Burden; [EMAIL PROTECTED]
Subject: Re: AW: [gb-users] win2K security problems, the facts!

One thing to be aware of in setting up your hypothetical outside the
firewall, up to date patched box of whatever OS -- until it's fully
patched, which in some cases takes multiple reboots, it is fully exposed
and vulnerable while it's downloading the updates and patches.  In that
time frame, a scanning attack might well succeed.

I saw an article a couple of years ago that an unpatched Red Hat install
was rooted in under 30 minutes on average.  Windows would not likely be
too different.  Personally I suggest using the GB Light with default
filters, that does a great job in the vast majority of cases.

Ted Bardusch
[EMAIL PROTECTED]


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
To subscribe to the digest version first unsubscribe, then
 e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Archive of the last 1000 messages:
 http://www.mail-archive.com/[email protected]
