While a discussion of the technical side of this is not off-topic, a
finger-pointing match may be, but I feel I should reply to the
statement: "Maybe this incident will teach the IT admins a lesson, take
security seriously and patch servers as soon as vulnerabilities are found."
I fully acknowledge that the patch could have already been in place. I
believe that having an incident like this occur is enough berating,
however, for those (like me this time) who only rarely get behind in
patches.
In many instances, especially in public school systems, the server
administrator happens to be:
1. An hourly employee who is not allowed to go into overtime.
2. The only person who knows about or wants to know about how to secure
a server.
3. A person who is expected to handle field hardware and software
support for the full gamut of systems in an organization.
4. A person who is expected to show up at meetings in which that person has
no real useful involvement.
5. The only person who knows or cares to know about LAN design,
troubleshooting, and repair.
6. The only person who knows or cares to know about WAN design,
troubleshooting, and repair.
7. Is usually at the mercy of an internal power struggle where the
person is ordered to spend their time on "more important things" than
keeping up with patches that are issued every other day for broken M$
software, as they would LIKE TO DO.
8. Is making their very best effort to keep up with security
developments between emergencies.
9. Is usually the one who gets the finger pointed at them when
something like this happens after they were told other things were more
important.
I normally keep up with patches much better than colleagues in other
systems. It just so happened that this one didn't get applied in time.
I would be to blame only because I wanted to keep my job and follow my
boss's priorities. In many cases, it is not the system administrator at
fault; it is that person's support from management or upper
administration (which can vary depending upon their knowledgeability of
security situations).
Just my opinion,
Curtis
Mail wrote:
> If IIS had been patched as per Microsoft's security bulletin (June
> 18th, 2001), then you would not have been affected.
>
> Maybe this incident will teach the IT admins a lesson: take security
> seriously and patch servers as soon as vulnerabilities are found. If admins
> had patched servers when the advisory was released, this would have
> been a non-issue.
>
> Subscribe to Microsoft's security bulletin at
> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/notify.asp
> and patch servers when vulnerabilities are found. You
> may also want to subscribe to CERT's list for advisories at
> http://www.cert.org/contact_cert/certmaillist.html.
>
> Just my 2c
>
> Peter Verzoni
>
>
> ----- Original Message -----
> From: "Curtis Faulkner" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, July 20, 2001 9:56 AM
> Subject: Re: [imail] If you are running IIS read this.
>
>
>
>> If anyone believes this is off topic for an IMail list, I apologize. I
>> happen to believe it is very much on topic considering the number of us
...
______________________________________________________________________
The HKSI-IMail Admin List is hosted by........ Humankind Systems, Inc.
Questions, Comments or Complain like Hell.. mailto:[EMAIL PROTECTED]
Message Archive... http://www.tallylist.com/archives/index.cfm/mlist.4
To Manage your Subscription......... http://humankindsystems.com/lists