If the web site is that important to the business, there should be a dedicated web-server, so if there is a break-in, it's *just* the web server hit, and there should be *daily* back-ups. If the server is hit, throw the back-up online and, although you lose time fixing the primary server, the revenue stream remains virtually undisturbed.
Also: never use M$ server products, unless you *want* to be compromised.

On Tue, 2 Oct 2001, Rich C wrote:

>
> ----- Original Message -----
> From: "Derek D. Martin" <[EMAIL PROTECTED]>
> To: "Benjamin Scott" <[EMAIL PROTECTED]>
> Cc: "Greater NH Linux Users' Group" <[EMAIL PROTECTED]>
> Sent: Tuesday, October 02, 2001 1:21 AM
> Subject: Re: Website defacement (was: Anti-terrorism bill...)
>
>
> > On Mon, Oct 01, 2001 at 08:52:06PM -0400, Benjamin Scott wrote:
> > > On Mon, 1 Oct 2001, Derek D. Martin wrote:
> > > > ... and the affected site should be able to replace the trashed web
> > > > server in about 15 minutes, IF they notice it's been trashed, and IF
> > > > they have a proper disaster recovery plan.
> > >
> > > There is no way you are going to recover from a security compromise in 15
> > > minutes, Derek. Come on. You of all people should know that.
> >
> > O.k., fair enough. But what am I really saying here? I'm saying that
> > the vast majority of attacks on people's systems just can't qualify as
> > terrorism. Why? Well, first of all because there's just no terror
> > involved. They're attacks on inanimate objects, or on corporate
> > entities, in most cases. Neither of which are capable of being
> > terrified.
>
> I'd like to respond to this in the most polite manner I can: BULL$H!T!
>
> All you have to do is ask the average IT manager what makes up his day these
> days, and you will see that he is under the same pressure as our government
> to secure his infrastructure and protect his citizens (users) from attack.
> He is taking down his web sites, losing revenue, marketing presence, and
> customer convenience, in order to rebuild his servers and improve his
> security, just as the U.S. had to close our airports and ground aircraft to
> secure our safety.
>
> He is spending his productive hours analyzing new virus reports (I am on
> just one mailing list and I receive dozens of new virus reports every week)
> evaluating antivirus software for its ability to respond and repair damage,
> and its timeliness in doing so. He is tightening up his security procedures,
> to the inconvenience of his users.
>
> He is spending those hours doing these things in lieu of what he would
> normally be doing: working to improve the efficiency and convenience of his
> company's computing infrastructure.
>
> His company has spent more in lost revenue, employee productivity, and lost
> time rebuilding servers than they surely planned for, which will undoubtedly
> lower income projections, and ultimately, his company's stock.
>
> This is exactly what has been going on with our government and our country
> lately in the aftermath of the attacks on NYC and Washington.
>
> If that's not terrorism, I don't know what is.
>
>
> > Secondly because in the vast majority of cases, even when
> > the attacks succeed, the real damage is almost nonexistent.
>
> Oh really? Tell that to the guy across the hall from me who has had to
> rebuild all of his Win2k/IIS servers because Nimda damaged them beyond
> repair. I myself did a virus cleanup job over there, charging as much as a
> new computer would have cost (and my rates are REALLY CHEAP!) That's one new
> computer they won't be able to afford this year.
>
> > Yes,
> > there have been a few high-profile exceptions to that rule recently,
> > ILOVEYOU and Code Red, and what have you. Those specific incidents I
> > think could qualify as terrorism, owing to the scale of the attack and
> > the damage it caused. But as YOU well know, most attacks don't fall
> > into that category. Most of these attacks we see really don't warrant
> > more than a few hours of attention, even in the case of a root
> > compromise (re-install OS, restore from back-up, patch the hole that
> > was easy to find because the script kiddie couldn't cover his tracks).
> >
> > This bill seeks to put "unauthorized access" of computers, which some
> > courts have held includes such things as a ping sweep, in the same
> > category as driving a jet plane into a skyscraper. I think this is
> > preposterous, and I think you would agree with me.
>
> Many people already look at such things as an unauthorized port scan as an
> "attack." And while not all scans are malicious, they probably are justified
> in doing so.
>
> It is not unreasonable to assume that the recent increase in viruses and
> malicious attacks on our e-commerce system are funded by the same terrorists
> who performed the more conventional terrorist acts. And it should be treated
> with the same seriousness.
>
> Rich Cloutier
> President, C*O
> SYSTEM SUPPORT SERVICES
> www.sysupport.com
>
>
> **********************************************************
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **********************************************************
>

--
Thomas M. Albright
Albright Enterprises - "The Small Business Solution"
http://www.albrightent.com/
