lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20030928232416.M35058@smi.kicks-ass.net>
From: erc at smi.kicks-ass.net (Ed Carp)
Subject: Re: Pudent default security

On Mon, 29 Sep 2003, Jay Sulzberger wrote:

> > Yes, that is what I was trying to say, however lamely.  The preponderance
> > of discussions and papers on security today focus on the network and how to
> > control the flow of data/packets.  But in the final analysis, the problems
> > always come down to the individual machine, be it server or workstation.
> > Why aren't security ideas focusing on that problem primarily?  Oh, we all
> > know you shouldn't run unnecessary services, but that's about as far as the
> > wisdom goes.

And that's why the MS Blaster worm and variants have been so successful -
most admins think that because they have a properly configured firewall in
place, they're invulnerable - never realizing that all it takes is someone
with an infected laptop to plug in behind the firewall, and they're toast.
But it's somewhat understandable, because all the trade mags have been
harping on is a centralized firewall for years.

> > IMO the vendors should be providing these types of tools as an integral
> > part of the OS in addition to shipping in an off-by-default model.  It
> > should be trivial to "do security" in an OS.  (It still blows my mind that
> > every WinXP box comes with UPnP on by default.  RPC I can *almost*
> > understand, but UPnP???)  I'm saying we need a paradigm shift in *thinking*
> > about how an OS should be configured out of the box *and* a paradigm shift
> > in the ease of configuration on an enterprise level.

At least it comes with some sort of firewall - a step in the right
direction, I think.  Too bad no one in my company runs XP - too
unstable...


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ