North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: How to get better security people
> Date: Tue, 26 Mar 2002 12:56:39 -0500 (EST) > From: batz <firstname.lastname@example.org> (snip) > Nimda and CodeRed were excellent indicators of how a good > security policy can be a competetive edge during (increasingly common) > global incidents. Hopefully we will see more security folks pressing > this message, and more decision makes hearing it. Sun Tzu and Lao Tze in the 3967/3561 thread... ...anyone else read Demming or other TQM proponents? Visible numbers only syndrome is the problem with many people's attitudes toward security... I could name a local (Wichita) company that for the longest time was running IIS4 + SP5, vulnerable to the iishack buffer overrun. They stored their websites and company files on said machine. The goons^H^H^H^H^Hconsultants who set it up gave a big "it's secure because it's NT -- look, it asks for passwords" spiel that management bought. Even after one of their employees _demonstrated_ how an arbitrary person could break in. Response? "We're not that big... nobody would be that interested in us." Warnings about random scans fell on deaf ears. Service patches were never applied. When some suspicious happenings left said server inoperable, they just installed Win2000 and went on, not caring what had happened or why. No, I was not the employee. A friend of mine worked there before getting fed up and quitting. "If it works, it must be right," versus, "It doesn't truly work unless it's right." I find it amusing how the same people keep who keep things under tight physical lock and key are so lax and apathetic about electronic security. As Demming said, "People who buy on price alone deserve to get rooked." Eddy Brotsman & Dreger, Inc. - EverQuick Internet Division Phone: +1 (316) 794-8922 Wichita/(Inter)national Phone: +1 (785) 865-5885 Lawrence -- Date: Mon, 21 May 2001 11:23:58 +0000 (GMT) From: A Trap <email@example.com> To: firstname.lastname@example.org Subject: Please ignore this portion of my mail signature. These last few lines are a trap for address-harvesting spambots. Do NOT send mail to <email@example.com>, or you are likely to be blocked.