[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1044545649.15689.108.camel@utd49554.utdallas.edu>
From: pauls at utdallas.edu (Paul Schmehl)
Subject: SQL Slammer - lessons learned
On Thu, 2003-02-06 at 06:32, John.Airey@...b.org.uk wrote:
>
> We've drifted from my original point, that ports used dynamically by IP
> stacks should be distinct from service ports, so that ISPs or administrator
> CAN block them without impacting the end user if they so wish. At the minute
> we need stateful filtering to rescue us from the port allocation mess we are
> in. SQL Slammer was only as successful as it was because stateful filtering
> isn't widespread, ie this one got past many administrators of large networks
> who are already careful about which services are publicly available.
>
> Given the choice between controlling traffic at the border or keeping
> thousands of "non-public" machines up to date, I know which I'd choose.
>
I think Slammer has pointed one of the biggest problems with security
today - hard shell on the outside, soft chewy middle. Any time I get
involved in discussions about security philosophy, it always seems to
drift to how to keep the bad guys out. Well, at a university, the bad
guys are *inside*. They're learning programming, networks, algorithmic
theories, security principles, etc, etc, and they're *very* eager to try
it out.
For example, everybody gets really concerned about wireless network.
OMG, what are we going to do? WEP just isn't good enough. Well WEP is
a darn sight better than the plain text traffic on the hard wired
network. Why aren't we freaking out about that? I contend it's because
everyone (big generalization here) sees the wired network as "secure".
I mean who's going to tap in to that, right? WRONG!!!
When I think about securing something, I think about securing it from
*everybody*, outside *and* inside the network. But that isn't the
present focus of the security industry *in general*.
--
Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/~pauls/
AVIEN Founding Member
Powered by blists - more mailing lists