From: dufresne at winternet.com (Ron DuFresne)
Subject: Avoiding being a good admin - was DCOM RPC exploit (dcom.c)

On 29 Jul 2003, Darren Bennett wrote:

> ***BEGIN RANT***
>
> 	The current IT attitude is really frustrating!
>
> 	A "good admin" is one that ENABLES services and systems to be USED by
> individuals. This relatively new attitude of disable/disallow/distrust
> is a bad way for the IT world to be moving. The statement "screw the
> students" is very depressing. I'm glad the Internet was developed with
> the opposite attitude. When systems are so poorly secured (and so
> DIFFICULT to keep secure) that the "solution" is to cripple other
> features, then another resolution is needed. Watching the Internet and
> the IT profession over the past few years has been increasingly
> depressing.


Interesting take on the issue of what is involved in trying to network or
surf safely.  But, to enlighten, the concept of disabling services is not
all that new, at least not as new as is perceived in IT and as pertains to the
internet.  The key problem is/remains, that TCP/IP was developed with no
concept of security in mind.  Of course at that time, one might reason why
would that be an issue, the 'internet' was a closed system, mostly only
defense contractors and universities were privy to it.  And, as it
started to open up to others, the fact that there was no security in the
protocols started to become an issue.  Now with an 'open internet' and so
much riding on the proposition that commerce can be conducted in an
environment without any serious secure underpinnings, well, it's time to
shim.


>
> When a company's program or protocol is vulnerable, shutting down that
> program would be a better option than disabling the port/service/etc.
>

Yes, like ftp, telnet, gopher, etc, finger, rwho, etc, all protocols with
little or no thought involved as to security in their design.

ssh, ssl, ah, esp, ipV6, tcpd, ipfw, etc, all shims to try and fix the
design flaws of the originals...

If you are comfy with the way things are and were designed, then you would
most likely be just as comfy with posting the pin for your bank account on
a 10X8 foot banner on the road side of your home.

	[SNIP the fingers got too sore to continue]

Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
	***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

