Date: Thu, 06 May 2004 16:53:06 GMT From: -Bob- <uctraingNOSPAMMEnospamanet.com> Subject: Re: OT- Heads Up - Sasser plug
On Thu, 06 May 2004 12:21:21 -0300, Dexter J <lamealameadingdongnospamlamelame.org> wrote: >Thusly - while it is always possible that I (or anyone) may be cracked (on >any OS) - my prototype provides a professional measure of control and real >time reporting so a given probe doesn't go rogue. As you say, 'you're in >the door' - but - you can't really prowl the house openly on a dexterdyne >build. I agree that your "thin Windows" is the way to go. However, I still have those "architectural-business" issues. While I could provide lots of example, I'm sure you know too well how much garbage gets installed with any MS app. It's often not needed - but just in case one MS app has to work with another it's installed. The list of "stuff your system doesn't really need" is almost endless. But, you won't catch MS telling you what's needed because the goal is a homogeneous system with everything installed. >Then it is simply a matter of responsible and ongoing deny/allow and >creative configuration administration exactly like 'real infrastructure' - >which is actually what sets most Unix/MVS installs apart from most >MicroSoft infrastructures. Agreed. The chief difference though, is that the Unix/MVS/VMS/you-name-it real operating systems come with detailed instructions as to what needs to be accessible to the product you are installing. They install in a defined area and when they need to put something in a system area or replace a system module, they tell you about it. Not MS, wrong model for them. > >I do not basically trust hardware appliances like firewalls on the network >- because in the end they eventually become unmonitored in real world >operation and they do nothing in the event someone behind the firewall >opens 'something new'. As to software fire walls, they are as subject to >compromise as anything in a given OS service stack. Check this out on both >counts: Agreed again, but they still serve a filtering function, IMHO. Serious physical security is built with rings of defense. You have to get past level 1 to hit level 2. That's generally a good strategy even in computer security design. And, while firewalls are not infallible and are subject to attack, at least the people building them are thinking about security as a primary job... not as an annoying department that makes developing software more difficult. At the very least, they give you a place to shut off the network when an internal or external attack has been exposed. >There is simply no real substitute for honest, life suckingly boring, real >time system administration and supporting intuitive wetware talent. Much >like owning a SAAB actually. He, he, he. I agree. Unfortunately, MS "sells" something else. They'll sacrifice security any day to make the Admin's job "easier". >Basically - you are rewarded or boned based entirely on what custodial >expertise you actually pay for regardless of what the marketing droids of >all stripes would have people believe. And that, in a nutshell, is why >MicroSoft infrastructures are more often the victim of plagues. It is made >to be ready and well understood prey by cost cutting in combination with >cheap administrative talent. Yep... and it's part of their strategy. MS only cares about security holes to the extent that it affects sales. Again, that's my key point. Security is note really one of their goals... it's an annoying side track for them.
 |
 |
 |
 |
 |
