I agree, A lot of times the road to more secure systems is blocked by the business not understanding the security needs that need to be baked in throughout the IT systems implementation. ( System Development Life Cycle, anyone!!)
As we all know business usually want functionality first and think of security as an afterthought, until, the security researchers, the bad guys ( Hackers/Phreakers/Wackers/Crackers/other malformed deviants) basically find the flaws in the code, and write the exploits, which become the next big exploit, and someone find there pants around there ankles. Then the business turns around and says, " Why wasn't we secure" hopefully you keep those emails, showing them you told them about the flaws, and they chose not to put the pressure on the vendor/developer/coder to fix the problem before its exploited. People usually get lulled into a false sense of security when they keep adding layer after layer of security products to there network, hoping that the risk mitigation they think they are putting in by using layers on top of layers of HIDS/IPS/etc etc are going to save them. It only takes one mischevious admin or one backdoor to bypass your controls, and exploit the weaknesses on the system. EZ Edward E. Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP,Security+,Network+,CCA Phone: 401-639-3505 -----Original Message----- From: Marc Maiffret [mailto:[EMAIL PROTECTED] Sent: Friday, March 21, 2008 11:08 PM To: NT System Admin Issues Subject: RE: Anyone have experience with Computrace? No problem, it is definitely a two way street for me. I have been on this list for over 10 years since I was 17 starting eEye and this list and all of you have been of invaluable help to educate me on where IT is going so I can think about what that means for security. As I have said in the past security is a reaction to how people do business, and you here are the implementers of those business changes. So for that I say thank you also. -----Original Message----- From: John Cook [mailto:[EMAIL PROTECTED] Sent: Friday, March 21, 2008 7:52 PM To: NT System Admin Issues Subject: Re: Anyone have experience with Computrace? Thanks Marc, I'm sure everyone here appreciates your insight, I for one am glad you have the time to help bring the big picture in focus for us. Painstakingly sent to you from my Blackberry. ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
