[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.GSO.4.43.0312010952420.23466-100000@tundra.winternet.com>
From: dufresne at winternet.com (Ron DuFresne)
Subject: automated vulnerability testing
On Sun, 30 Nov 2003, Jonathan A. Zdziarski wrote:
>
> > Aren't such measures -- especially the former -- simply crutches that
> > effectively _encourage_ the continuation of poor (even downright
> > negligent) programming practices?
>
> Only to the extent that TCP wrappers and firewalls are simply crutches
> to effectively encourage the continuation of poor systems
> administration.
>
>
Quite a flaw in logic there, I'm sure you meant;
Only to the extent that TCP wrappers and firewalls are simply crutches
to effectively encourage the continuation of poor systems networking
protocols that already exist.
Being that the flaws are inherent to the network protocols in use. Admins
have long known how to lock a system down, and keep it that way, remove
all users and limit access and functionality. That tends to make the
system far less then useful. But, the core issue lies with the networking
protocools that are meant to make iintersystem communications actually
happen. There was no security within their design, security was the
lowest factor in the developers mind at the time. And of course a rewrite
of all that code and then pushing that to the internet-citezenry at large
would be fairly daunting eh? Look how well the conversion from ssh1 to
ssh2 has progressed...
Thanks,
Ron DuFresne
Powered by blists - more mailing lists