Quoting Neil Schneider <[EMAIL PROTECTED]>:


Gabriel Sechan said:

From: Mike Marion <[EMAIL PROTECTED]>
Did a quick search and didn't see any talk of this on the list:

http://www.ranum.com/security/computer_security/editorials/dumb/

Should be required reading for anyone that wants to be a programmer, admin, or
really work in any level of IT (especially management and execs should be
forced to read it too).

One problem with his enumerating badness point-  if you do
the opposite and lock down anything but a list of apps, it
can be hard to get things done. Who here hasn't needed to
write a quick program, or dl one from the web to get
something done before?  Multiply that by everyone in a
company. If you had to get approval for every little app,
you'd be in major trouble.

You're a programmer, right? This is a typical programmer's point of
view. Marcus Ranum is a security expert. His point of view is in
securing the network from intrusion. I can relate. I can't count the
number of times I've had requests to create holes in firewalls without
regard to the security consequences. I don't consider myself to be the
kind of expert that Marcus is, but I know enough to know that he is
right.

You can't predict all the possible threats to your network from the
outside, so you have to start from a deny everything, allow what is
required baseline. Otherwise you won't even see the attacks coming,
because they're so numerous. I've monitored the logs of a new firewall
I brought on-line, with a new connection, on a newly assigned IP. The
attacks are almost instantaneous with the connection.

Case in point...

I have a rule in place on my Sveasoft-loaded WRT54G router at home that will
block any further attempts to hit the ssh port after 3 in a minute from the
same IP. This is to block dictionary attacks. Here's the log info for just
the last 10 days:

www log {505}$ awk '/RATE_LIMIT/{print $10}' firewall | sed 's/SRC=//g' | sort | uniq -c | sort -n
      2 201.145.24.178
    670 213.198.65.185
    985 211.233.89.109
   1580 81.19.34.110

Only 4 IPs but look how many attempts... wow.  Without that block and logging,
I'd never know.

I think people are misinterpreting what he's saying too, like the quote about
being able to stop occasional problems. I think he's talking about the mindset:
that most people just assume you can't, so why bother. He's saying that with
proper planning and work, you can. Sure, in the real world we still have
problems, but if _everyone_ followed the right procedures, they'd be
minimized and perhaps removed altogether some day.

But the bit about Educating users is dead on.

--
Mike Marion-Unix SysAdmin/Staff Engineer-http://www.miguelito.org
Marge: "Homer, sitting that close to the TV can't be good for you."
Homer: "Talking while the TV's on can't be good for you!"
==> Simpsons



--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
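The rate-limit rule Mike describes and the log pipeline that follows it, as an added example that is not code from the original thread, from Sveasoft or from the WRT54G firmware: an iptables version of the "3 per minute, then block" SSH rule using the 'recent' match (the chain name SSH_RATE, the conntrack match and the RATE_LIMIT log prefix are assumptions), plus a per-source count that picks the SRC= field by name instead of by column position. The sample log lines are constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumes a Linux firewall
# with iptables and the 'recent' match, and the standard netfilter LOG line
# format ("... SRC=a.b.c.d DST=..."). The chain name SSH_RATE, the log prefix
# RATE_LIMIT and the sample log lines are constructed for this example.

# Rate-limit new SSH connections: the 4th attempt from one source within 60 s
# (i.e. anything after 3 in a minute) is logged with the RATE_LIMIT prefix and
# dropped. Needs root; only run when this script is invoked with "install".
install_ssh_ratelimit() {
    iptables -N SSH_RATE 2>/dev/null || true
    iptables -F SSH_RATE
    # --set records the source of the current packet (and always matches).
    iptables -A SSH_RATE -m recent --name ssh --set
    # --update refreshes the entry's timestamp; with --hitcount 4 it matches
    # once the source has 4 or more hits in the last 60 s. Caveat: dropped
    # packets also refresh the timestamp, so a source that keeps hammering
    # stays blocked until it pauses for a full minute.
    iptables -A SSH_RATE -m recent --name ssh --update --seconds 60 --hitcount 4 \
        -j LOG --log-prefix "RATE_LIMIT " --log-level 4
    iptables -A SSH_RATE -m recent --name ssh --update --seconds 60 --hitcount 4 -j DROP
    iptables -A SSH_RATE -j ACCEPT
    # Hand only new TCP/22 connections to the chain.
    iptables -I INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j SSH_RATE
}

# Per-source counts of rate-limited attempts from a netfilter log file,
# busiest source last. Finds the SRC= field by name rather than by column
# position ($10 in the post), so it survives LOG lines whose field count
# differs (e.g. no MAC= field on some interfaces).
count_rate_limited() {
    awk '/RATE_LIMIT/ {
        for (i = 1; i <= NF; i++)
            if ($i ~ /^SRC=/) { sub(/^SRC=/, "", $i); print $i }
    }' "$1" | sort | uniq -c | sort -n
}

# Constructed sample log (RFC 5737 documentation addresses): one plain DROP
# line that must be ignored, then RATE_LIMIT hits from three sources. The
# 198.51.100.7 lines deliberately lack MAC=, which shifts the columns.
write_sample_log() {
    cat > "$1" <<'EOF'
Mar  3 02:14:07 gw kernel: DROP IN=vlan1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.1 LEN=60 PROTO=TCP SPT=40000 DPT=23 SYN URGP=0
Mar  3 02:14:08 gw kernel: RATE_LIMIT IN=vlan1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=192.0.2.1 LEN=60 PROTO=TCP SPT=44120 DPT=22 SYN URGP=0
Mar  3 02:14:09 gw kernel: RATE_LIMIT IN=vlan1 OUT= SRC=198.51.100.7 DST=192.0.2.1 LEN=60 PROTO=TCP SPT=51002 DPT=22 SYN URGP=0
Mar  3 02:14:10 gw kernel: RATE_LIMIT IN=vlan1 OUT= SRC=198.51.100.7 DST=192.0.2.1 LEN=60 PROTO=TCP SPT=51003 DPT=22 SYN URGP=0
Mar  3 02:14:11 gw kernel: RATE_LIMIT IN=vlan1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.44 DST=192.0.2.1 LEN=60 PROTO=TCP SPT=60001 DPT=22 SYN URGP=0
Mar  3 02:14:12 gw kernel: RATE_LIMIT IN=vlan1 OUT= SRC=198.51.100.7 DST=192.0.2.1 LEN=60 PROTO=TCP SPT=51004 DPT=22 SYN URGP=0
Mar  3 02:14:13 gw kernel: RATE_LIMIT IN=vlan1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=192.0.2.1 LEN=60 PROTO=TCP SPT=44121 DPT=22 SYN URGP=0
Mar  3 02:14:14 gw kernel: RATE_LIMIT IN=vlan1 OUT= SRC=198.51.100.7 DST=192.0.2.1 LEN=60 PROTO=TCP SPT=51005 DPT=22 SYN URGP=0
EOF
}

if [ "${1:-}" = "install" ]; then
    install_ssh_ratelimit
else
    # Offline demo on the constructed log; prints the same shape of table
    # as the post (count, then source address, busiest last).
    sample=$(mktemp)
    write_sample_log "$sample"
    count_rate_limited "$sample"
    rm -f "$sample"
fi
```

Run it with no arguments to see the count table on the constructed log; run it as root with "install" to load the rules. On the sample, the original `print $10` pipeline would have reported `DST=192.0.2.1` for the lines without a MAC= field, which is why the count here searches for the SRC= field instead.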
