
RE: [cobalt-security] 'On my Soap Box'



I'd like to expand upon a few points Adam raises...

> 0. Take security personally, don't rely on service providers 
> or assume others care about it !

Absolutely. 'Security through obscurity' is simply not a valid approach;
assuming that It Won't Happen To You [TM] is probably one of the worst
things you can do.

> The majority of hosting companies and ISPs do not have the 
> time or motivation to ensure you have a secure service, which
> you have every right to have in my estimation. It is very
> important that you take security as 'your' responsibility.

I suspect you will find that the 'majority of hosting companies and
ISPs' have a clause in your contract which states explicitly that
security is your concern, or that you have complete control over the
machine - which implies that security is your problem and not theirs.

> a) assume your server may be compromised, don't trust netstat 
> or other OS functions

Your server will, at some point, be scanned/attacked/compromised (in
that order although not necessarily successfully). It is a machine which
faces the world. That world contains a whole raft of really irritating
people who like nothing more than boasting to their acquaintances over
ICQ that they've just 0wn3d your machine, even though it takes very
little intelligence to do so.

> b) get nmap and learn how to use it - http://www.insecure.org/nmap

Be careful doing this. You may find yourself on the receiving end of a
TOS or AUP violation from your ISP or hosting company! If they're the
sort of company who have an IDS running they *will* pick up these scans
if you fire them from a remote machine.
IMO it's better to either warn them first or, even better, carry out the
scan by running the scanner on the target machine. That way the traffic
never leaves the machine and won't be picked up elsewhere.

Also, take the time to learn just what the report the scanner fires back
at you really means. Remember that some ISPs/host sites will be running
a small amount of filtering, and that the word 'filtered' means just
that...

Other than that, I agree pretty much entirely. Being paranoid is A Good
Thing.

Graeme
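The post's advice to learn what a scanner report actually means, and in particular what 'filtered' signifies, is illustrated below with an added example that is not part of the original message or of nmap itself. The script parses the port table from a constructed sample of nmap's normal output (the host address and port results are made up), tallies the three port states, and carries a short gloss of what each state tells you. The regular expressions and the state descriptions are the author of this example's own, not nmap's.

```python
import re
from collections import Counter

# Constructed sample of nmap "normal" output format; host and results
# are invented for illustration and are not a real scan.
SAMPLE_NMAP_OUTPUT = """\
Starting Nmap ( http://www.insecure.org/nmap )
Interesting ports on 192.0.2.10:
Not shown: 1690 closed ports
PORT     STATE    SERVICE
22/tcp   open     ssh
25/tcp   filtered smtp
80/tcp   open     http
110/tcp  closed   pop3
443/tcp  open     https
3306/tcp filtered mysql
"""

# One port-table row: "<port>/<proto>  <state>  <service>"
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
# Summary row nmap prints for ports it collapses: "Not shown: N <state> ports"
NOT_SHOWN = re.compile(r"^Not shown: (\d+) (\S+) ports")

# What each state means for the defender reading the report.
STATE_MEANING = {
    "open": "a service answered the probe, so the port is reachable "
            "from wherever the scan was launched",
    "closed": "the host answered (RST or ICMP) but nothing is listening; "
              "reachable but unused",
    "filtered": "no answer, or an ICMP 'prohibited' reply: something on the "
                "path or on the host dropped the probe, so nmap cannot say "
                "whether a service is listening. It does not mean 'safe'.",
}


def parse_nmap_output(text):
    """Return (rows, not_shown) where rows is a list of
    (port, proto, state, service) tuples and not_shown is
    (count, state) for the ports nmap summarised away."""
    rows = []
    not_shown = (0, None)
    for line in text.splitlines():
        m = PORT_LINE.match(line)
        if m:
            rows.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
            continue
        m = NOT_SHOWN.match(line)
        if m:
            not_shown = (int(m.group(1)), m.group(2))
    return rows, not_shown


def summarize(rows, not_shown):
    """Count ports per state, including the collapsed 'Not shown' ports."""
    counts = Counter(state for _, _, state, _ in rows)
    if not_shown[1]:
        counts[not_shown[1]] += not_shown[0]
    return dict(counts)


def filtered_ports(rows):
    """Ports whose state is unknown because a filter dropped the probe."""
    return [port for port, _, state, _ in rows if state == "filtered"]


if __name__ == "__main__":
    rows, not_shown = parse_nmap_output(SAMPLE_NMAP_OUTPUT)
    for state, count in sorted(summarize(rows, not_shown).items()):
        print(f"{state:9s} {count:5d}  {STATE_MEANING[state]}")
    print("filtered ports (check your ISP's filtering before assuming "
          "these are closed):", filtered_ports(rows))
```

The caveat the post hints at: a 'filtered' result reflects whatever sits between the scanner and the host, so if you follow the advice to run the scanner on the target machine itself, an upstream ISP filter will not appear in the report at all, and a port that shows 'open' locally may be filtered from the outside. Compare both views before drawing conclusions.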