Open Source and information security mailing list archives
 
From: dufresne at winternet.com (Ron DuFresne)
Subject: ISS Security Brief: "MS Blast" MSRPC DCOM Worm
 Propagation (fwd)

On Tue, 12 Aug 2003, Evans, Arian wrote:

> Chris,
>
> #That's only good if you're at home and they would also need to be savvy
> #enough to know how to configure it properly
>
> 2000 and XP have builtin IP packet filters. XP has a "personal
> firewall".
>
> I'm not sure what being at home (or being elsewhere) has to do with it,
> but the fact remains that the technology is there. The packet filtering
> is rather IP-chains like; it's completely stateless, and configuration is
> a manual process requiring basic TCP/IP knowledge.
>

Aye, there's the rub <quoting that famous playwright>  knowledge/skillbase
and its relation to internet protocols, let alone those folks that might
have other protocols running.  Most users have no real concept of TCP/IP,
few that even know it's the internet's communication standard know the
difference tween a connectionless protocol and one which is connection
oriented.  Then there's the complexity of Windows and its applications
and the core OS trying to do all this communication between itself and
each application, both on localhost as well as broadcast to the world.
Not many home users have that knowledge, and there are many folks that
work for IS/IT depts that lack it also.  Not everyone that works for an
IS/IT dept is an admin/net-guru/etc, there's a lot of book-keeping, customer
relations, etc that requires a skillset dramatically different.  How do
these users determine what ports to block, which direction<s> to block,
which NIC to do the blocking, etc?  And this does not even venture to deal
with the knowledgebase required to know if a system's been patched, or that
patched system being reversed out of a 'safe-set-up' due to new
applications being added.  Security, firewalling, hell just installing an
OS even an application, is to many, still a black art, and requires voodoo
chants, waving of dead chickens, and the proper colored clothes while
doing all that...

When one considers how many folks have a blinking timer unset on the new
vcr/dvd player in their living rooms, it's not surprising that tools that
are there are not understood, let alone used.  It's one of the reasons
that so many vendors ship products with such "unsafe" default configurations.
Ship the devices wide open and avoid the support costs to clue a user in or
'fix' what was not shipped functional in the product.  Truth be told, some
folks don't want to know 'how it works under the hood' as long as the
points and clicks produce the output they wish for, life is fine...


sucks, don't it? <smile>

Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
	***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

