[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] RE: 'On my Soap Box'
- Subject: RE: [cobalt-security] RE: 'On my Soap Box'
- From: Graeme Fowler <Graeme.F@xxxxxxxxxxxxxxx>
- Date: Tue, 6 Mar 2001 14:35:31 -0000
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Mark Anderson wrote:
> I beg to disagree... With the huge ammount of resources
> avilable to admins such as Bugtraq, Packetstorm, CERT, etc,
> it takes little intelligence to secure a machine on the
> internet these days. The only hinderence to efficient
> security is laziness. The ability to successfully attack a
> machine and gain elevated privileges is allot more difficult
> and requires more intelligence.
> I am 19, I have had no formal training or education that
> would help my job yet I have been keeping upwards of 5 servers
> secure and operational for two years now. I suggest that if I
> can do it, than any can (should they try).
Did I not say that 'security through obscurity' was a bad thing?
And that being paranoid was the way to do things?
Sorry Mark, I fail to see what your argument is here. You've basically
agreed with exactly what I said in the first place!
The whole point I made was based around the exact same sites you've
quoted: they enable sys-admins to secure things well, but they also
publicise the very same exploits in detail, including the virtually
no-brainer methids of attack.
The basic problem I see these days (and I am a little older than you!)
is that there are literally thousands of people running webservers,
whether in server farms, colocation centres or hanging off of the end of
a DSL or cable connection, who have *absolutely no idea* what they are
doing. I work for a hosting company and it's surprising at times just
how little some of our customers really do know (no disrespect to those
subscribed to here; you at least know where to look for information!).
When you ask someone if they've patched their system and they ask what a
patch is... enough said.
Graeme