| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: pauls at utdallas.edu (Schmehl, Paul L) Subject: RE: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! We have found this approach to be the most successful one. Once we can get them to understand what's being done to their machines on a routine basis (scans, probes, attempted hacks, etc.) and what it costs to fix them, they're more amenable to the idea of us protecting them from all that mess. It's hard work but well worth it. Thanks for sharing that Karl. Paul Schmehl (pauls@...allas.edu) Adjunct Information Security Officer The University of Texas at Dallas http://www.utdallas.edu/~pauls/ AVIEN Founding Member -----Original Message----- From: Karl A. Krueger [mailto:kkrueger@...box.whoi.edu] Sent: Monday, January 27, 2003 9:27 AM To: full-disclosure@...ts.netsys.com Subject: [Full-Disclosure] RE: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! The issue for us was similar to that M. Schmehl describes. Faculty at a university, or scientists and engineers at a research institution, are not simply employees of the institution. They -are- the institution; their work drives it; their creativity brings in the grants. In such an environment, it is utterly inappropriate for the institution's IT staff to tell them what they may or may not do with the network. Berating them for being security-clueless won't help, either. If you want them to approve of a default-deny firewall, you need to convince them of several things:
Powered by blists - more mailing lists