
RE: [cobalt-security] RE: 'On my Soap Box'



Mark Anderson wrote:

> I beg to disagree... With the huge amount of resources
> available to admins such as Bugtraq, Packetstorm, CERT, etc,
> it takes little intelligence to secure a machine on the
> internet these days. The only hindrance to efficient
> security is laziness. The ability to successfully attack a
> machine and gain elevated privileges is a lot more difficult
> and requires more intelligence.
> I am 19, I have had no formal training or education that 
> would help my job yet I have been keeping upwards of 5 servers
> secure and operational for two years now. I suggest that if I
> can do it, then any can (should they try).

Did I not say that 'security through obscurity' was a bad thing?
And that being paranoid was the way to do things?

Sorry Mark, I fail to see what your argument is here. You've basically
agreed with exactly what I said in the first place!

The whole point I made was based around the exact same sites you've
quoted: they enable sys-admins to secure things well, but they also
publicise the very same exploits in detail, including the virtually
no-brainer methods of attack.

The basic problem I see these days (and I am a little older than you!)
is that there are literally thousands of people running webservers,
whether in server farms, colocation centres or hanging off of the end of
a DSL or cable connection, who have *absolutely no idea* what they are
doing. I work for a hosting company and it's surprising at times just
how little some of our customers really do know (no disrespect to those
subscribed to here; you at least know where to look for information!).

When you ask someone if they've patched their system and they ask what a
patch is... enough said.

Graeme