On 28 Oct 2001, at 0:28, Terry S. Arnold wrote:

> Another consideration is that many system/network administrators have
> gotten ludicrous about what they will allow on their networks. They
> think that Prime95 just might let in a virus or even worse spill
> "company secrets". By and large they are totally ignorant of the real
> issues involved with securing networks. All most of them know about
> the implications of the various protocols in the TCP/IP suite was what
> it took to get their MCSE if they have even that much training.

As a "system/network administrator" specialising in security matters I just _have_ to answer this one.

1) It's perfectly true that there are a large proportion of sites with incompetent sysadmins - especially from the point of view of networking. Especially in small companies, where the sysadmin function tends to be bolted onto another job as a low-priority "extra" task.

2) AFAIK none of the MCSE courses cover security in any depth at all. In fact the approach seems to be the _reverse_ i.e. teach people how to set up & administer systems in an unduly risky way, without even bothering to mention basic security tools or methodology because they're not essential to _Microsoft_ networking in a laboratory/classroom environment.

Based on recent experiences with Code Red & Nimda, 95% of the problems on our site came from the 1% of the systems located in business incubator centres attached to the University but "administered" by the businesses themselves. Basically it's rare for these people even to be aware of most of the services running on their systems (anything that comes preloaded on the system gets run, irrespective of whether it's absolutely necessary or absolutely unnecessary); as for applying critical updates, they seem to be trained to think one of (a) it's much too hard, (b) it will break the functionality, (c) they simply don't understand why they need to bother with such things. _Despite_ how easy it is to run Windows Update.

The only way I've been able to get these people to apply updates is to get sanctioned to scan their systems for vulnerability to Code Red & Nimda, & block _all_ access to vulnerable systems until they get patched (or take down the IIS service). To my knowledge, many ISPs had to take similar action.

At least _some_ universities & Fortune 500 companies have competent sysadmins, but there are a whole lot of "mom & pop" businesses out there; a high percentage of them would be an absolute pushover to anyone "wearing a black hat", even if IIS installations have now mostly been patched to a reasonable level.

As for distributed computing projects being a security risk - basically I think in many cases _management_ may be misusing "security" as a screen for filtering out anything _they_ don't understand. In my experience few of these people are aware of the scale of network _abuse_ (note, not _necessarily_ a threat to security) that goes on by way of end users installing peer-to-peer "file sharing" software on their workstations; probably 99% of the files "shared" over these P2P networks are in effect illegal distributions of copyrighted material. They're certainly _not_ aware that Windows systems with e.g. Kazaa clients are quite capable of "sharing" not just the offending copyrighted material but also everything else on the system - or attached to it through open LAN shares. Yes, including "company secrets". Quite apart from that, the volume of traffic involved with these P2P networks can be huge, certainly enough to seriously impact network links.

(Before anyone takes me to task on the above paragraph, quite frankly I am totally opposed to the DMCA, the proposed SSSCA and all similar legislation. But I am also opposed to unauthorized distribution of copyrighted material. IMO the force of the law should be applied against those individuals making the copies, not against those who write software or the possession of hardware which might possibly be used to make illegal copies.)

Under these circumstances I find it hard to understand how anyone can think that compute-intensive, network-friendly applications can be a problem.

As for "letting in a virus" - if people really thought that, they just wouldn't use Microsoft products.
How much of a threat was Code Red or Nimda infection on a system which wasn't running Microsoft Exchange, Microsoft Internet Information Server or (in the case of Nimda) Microsoft Internet Explorer? Well, _other_ infected systems might load up your network to some extent, but _your_ system certainly wasn't going to get infected!

Regards
Brian Beesley
