Message-ID: <6199A25648C5CF4596C8577AC6D20313351F@osiris.wetgoat.net>
From: james at wetgoat.net (James P. Saveker)
Subject: Re: Microsoft Security, baby steps ?[Scanned] [Scanned] [Scanned]

Valdis.Kletnieks@...edu said....

<snip>
All very good "best practices" concepts - too bad so few sites manage to actually deploy them correctly.... That's the *real* challenge of trying to secure a network - the vast gap between what could be done given the proper mandate and financing, and what you can usually actually deploy with the mandate and financing you actually got. :)

> In fact all tasks for smaller companies can be done by people with
> little up top using SBS 2003 and enjoying the wizards.

Which is fine, until something goes Terribly Wrong and there's no sign of the Terribly Wrong-Fixing Wizard to be found. ;)

(Guess who's come across waaay too many boxes that the owner didn't know were compromised because the box knows how to say "You've got Mail!" but doesn't know how to say "You've got Malware!" ;)
</snip>

Yes indeed. I agree with you entirely. Seems I am struggling to make my point. You mention best practices; in my opinion, being only a poor old wet goat, I think that if people valued "standards" as well as experience in IT&T then perhaps, regardless of budget, solutions could be tailored for individual business needs, even if a company has to resort to outsourcing. Too many people bash MCSE/MCSA but jeez, if someone has got that piece of paper they can do it, period.

I have seen companies running SBS and using ISP mail accounts when Exchange is part of SBS, madness! Also they have not got ISA configured correctly, assuming correctly does not involve a rule allowing all traffic from all sources to flow bi-directionally. People that set up servers like that should be shot, or at least not allowed to practise as consultants. But then that's the small business side of the pie.

James Saveker
www.wetgoat.net

"The only thing which helps me maintain my slender grip on reality is the friendship I share with my collection of singing potatoes..."