On Thu, 29 Mar 2001, Richard B. Johnson wrote:
>snipped<
First mistake:
your security administrator relied on the firewall for protection.
It is an _aid_ to security; not the 'be all and end all'. IOW, the hosts
weren't hardened to resist penetration in case the firewall didn't cover
it.
Second mistake:
your security administrator didn't make known the changes taking
place, so that clueful users could have taken some preventative steps on
their UNIX boxes.
Third mistake:
your security administrator either didn't know about, didn't care
about, or didn't act on security problems for Linux and Solaris -- which
have been posted, discussed, and addressed on many general or OS-specific
security lists.
Fourth mistake:
your security administrator, rather than address the problems, is
sticking his head in the sand and mumbling 'Windows' -- which, as an OS,
is a Christmas tree where every bauble says 'please hack me!'.
In short, your security administrator needs to be dragged out, shot, and
left hanging by the front door as a warning to his replacement.
Or, at least fired.
--
-- John E. Jasen (jjasen1@umbc.edu)
-- In theory, theory and practise are the same. In practise, they aren't.
This archive was generated by hypermail 2b29 : Sat Mar 31 2001 - 21:00:21 EST