On Tue, 1 Mar 2005 15:46:51 -0500, Adrocknaphobia <[EMAIL PROTECTED]> wrote:
> I'm just trying to figure out where you get off calling someone an
> idiot. This isn't an information security newsgroup. I thought maybe
> you were a subject expert, but you don't have your CISSP... So
> basically, you are just some guy on _COLDFUSION_ list annoying (and
> insulting) people with the stereotypical MS security rant.

I don't think it requires a CISSP to know that a firewall is a good idea -- we're not talking esoteric software/hardware security here. I think knowing that a firewall is a good idea is an example of common knowledge -- not something reserved for folks with a CISSP.

If that's *not* the case, if you're saying that a typical COLDFUSION programmer doesn't know basic security considerations (lock down ports you don't want attacked) which, for example, my 62-year-old mother-in-law is aware of, then we're in real trouble.

And *horrors* -- a post on the ColdFusion list covering MS-SQL and firewalling?!?? Or one that annoys or insults some people? Clearly I'm breaking new ground here :)

As an aside, how is this a stereotypical MS rant? I'll say the same thing about MySQL (block port 3306). Or making sure your Apache is running the point releases that handle the buffer overrun issues.

> Exactly what is the point of your thread again?

My point is that if you're not blocking external (e.g. TCP/IP) access to your MS-SQL Server, then you're an idiot (see http://dictionary.reference.com/search?q=idiot, particularly the first definition -- "A foolish or stupid person").

If you're not taking basic precautions with your SQL Server (or any similar tool), you're a danger to your employer, you're a danger to anyone on your subnet (nothing like being on the same gateway as a box or two saturating the pipe with a zombie process), you're a danger to your customers, and you're a danger to anyone a cracker who takes over your box cares to target with spam, DOS, etc. I think that perfectly qualifies as a "foolish .. person".

-- 
John Paul Ashenfelter
CTO/Transitionpoint
(blog) http://www.ashenfelter.com
(email) [EMAIL PROTECTED]