My comments embedded:

On 15 May 2001, at 22:46, Drew Simonis wrote:

> Sean Young wrote:
> > 
> > I have a few suggestions for you:
> > 
> > 1) get rid of Microsoft windows servers and Sun Solaris; 
> > Use only NetBSD and software that are open-source,
> 
> This is the most ignorant suggestion I have ever seen.  How many times
> will it have to be repeated before it gets through...  OSes aren't
> secure.  None of them.  Proper administration, among other things,
> makes them more secure, but nothing is ever totally secure.

While I agree with the gist of this statement, it is true that some 
OSes are more secure in their default configuration than others.  
Granted, anyone who installs a default config for publicly 
accessible devices is asking for trouble no matter what the OS is.

It's also true that in theory, open source software gives security 
benefits that cannot be gained through closed source code.  In 
practice, not many companies seem to have the knowledge or 
experience to audit the code they use, so this benefit may not be 
that big in practice.  


> And to the OP... to be specifically technical, an IDS does nothing to
> assist your security.  It allows you a greater incident response
> capability.  (and anyone who mentions things like dynamic ACL updates
> and router shunning, etc...  Show me a network that does this, I'd
> love to see one.)  

I've seen companies that were experimenting with this with mixed 
results.  The problem is that you have to really prune down the 
false positives.  This is an area of ongoing research and I think 
some companies are getting better at eliminating false positives or 
getting them down to a bare minimum.  


> 
> Maybe one day someone will release an IPS (intrusion prevention
> system) but until then, we can only react.
> 

I'd say that there already is an IPS "system", but it's a process, 
not a product. :-)  

Securing perimeters, hardening hosts, auditing the apps and 
protocols in use and creating security policies that work are all part 
of the process.  If done properly, the bar can be raised to a 
sufficiently high level that only the most motivated attackers can 
reach it, and all others will be deterred.

Problem is, one has to constantly check the bar and make sure it 
is high enough in light of new security issues and/or changes to 
the environment.  One can formalize the process to an extent, but I 
doubt any single or even set of products will get to the point where 
they are sufficiently self-tuning to perform this correction process 
on their own, at least in the near future.

To the OP, I would say that if you're concerned about your site's 
security, you need to understand what the process of security is all 
about before you start buying and implementing products.  I 
recommend getting "The process of network security" by Wadlow 
as a good introduction to the task at hand.  Once you understand 
the process, you'll be in a much better position to evaluate what 
products can assist the process.  

HTH,
Kent  
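Kent's point about dynamic ACL updates only being workable once false positives are pruned can be made concrete with a small policy simulation. The code below is an added example, not code from the thread or from any product mentioned in it; the alert records, signature names, addresses and the "protected" networks are all constructed and hypothetical. A single alert never triggers a block; a source is shunned only when several alerts from more than one signature corroborate each other within a short window, addresses on a never-block list (your own nets, an upstream resolver) are refused outright, and every block expires, so a misfire cannot become a permanent self-inflicted outage.

```python
"""Corroborated IDS-to-ACL shunning with a never-block list.

Added example, not from the original mailing-list thread.  All alerts,
addresses and signature names below are constructed/hypothetical.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Alert:
    ts: float   # seconds since epoch (constructed values)
    src: str    # source address as reported by the IDS sensor
    sig: str    # signature / rule name that fired (hypothetical names)


class ShunPolicy:
    """Decide whether an IDS alert may become a router ACL entry."""

    def __init__(self, protected, min_alerts=3, min_signatures=2,
                 window=60.0, ttl=600.0):
        self.protected = [ip_network(n) for n in protected]  # never shun these
        self.min_alerts = min_alerts          # alerts needed within the window
        self.min_signatures = min_signatures  # distinct rules that must agree
        self.window = window                  # seconds of history considered
        self.ttl = ttl                        # seconds a block stays in place
        self.history = defaultdict(deque)     # src -> deque of (ts, sig)
        self.blocked = {}                     # src -> expiry timestamp
        self.refused = []                     # audit trail of (src, reason)

    def is_protected(self, src):
        addr = ip_address(src)
        return any(addr in net for net in self.protected)

    def expire(self, now):
        """Drop blocks whose TTL has run out; nothing is blocked forever."""
        for src, exp in list(self.blocked.items()):
            if exp <= now:
                del self.blocked[src]

    def observe(self, alert):
        """Feed one alert in; return True only if it created a new block."""
        self.expire(alert.ts)
        if self.is_protected(alert.src):
            # A spoofed or mis-attributed alert must not let the IDS cut off
            # infrastructure we depend on.
            self.refused.append((alert.src, "protected"))
            return False
        hist = self.history[alert.src]
        hist.append((alert.ts, alert.sig))
        while hist and hist[0][0] < alert.ts - self.window:
            hist.popleft()
        if alert.src in self.blocked:
            return False
        sigs = {s for _, s in hist}
        if len(hist) >= self.min_alerts and len(sigs) >= self.min_signatures:
            self.blocked[alert.src] = alert.ts + self.ttl
            return True
        return False

    def acl_lines(self):
        """Render current blocks as Cisco-style ACL entries (illustrative)."""
        return [f"deny ip host {src} any" for src in sorted(self.blocked)]


# Constructed sample alert stream: one noisy single hit, one alert blamed on
# the upstream resolver, one source that several rules agree on, and a late
# repeat after the block has expired.
CONSTRUCTED_ALERTS = [
    Alert(0.0, "198.51.100.7", "WEB-MISC suspicious request"),
    Alert(1.0, "192.0.2.53", "DNS oversized response"),
    Alert(5.0, "203.0.113.9", "SCAN tcp portsweep"),
    Alert(6.0, "203.0.113.9", "SCAN tcp portsweep"),
    Alert(7.0, "203.0.113.9", "WEB-IIS directory traversal attempt"),
    Alert(8.0, "203.0.113.9", "SCAN tcp portsweep"),
    Alert(700.0, "203.0.113.9", "SCAN tcp portsweep"),
]


def run_demo():
    """Run the constructed stream through the policy and report the outcome."""
    policy = ShunPolicy(protected=["10.0.0.0/8", "192.0.2.53/32"])
    early = [a for a in CONSTRUCTED_ALERTS if a.ts < 600]
    late = [a for a in CONSTRUCTED_ALERTS if a.ts >= 600]
    newly_blocked = [a.src for a in early if policy.observe(a)]
    acl_during = policy.acl_lines()          # ACL while the block is live
    for a in late:
        policy.observe(a)
    return {
        "newly_blocked": newly_blocked,
        "acl_during": acl_during,
        "acl_after_expiry": policy.acl_lines(),
        "refused": list(policy.refused),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The thresholds (three alerts, two distinct signatures, sixty-second window, ten-minute TTL) are placeholders to tune against your own sensor's noise level; the shape of the policy is the point: corroboration before action, an explicit never-block list, and automatic expiry, which are the three controls that turn "dynamic ACL updates" from a liability into something an operator can live with.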

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=5478&t=4610
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]