2003-04-07
A new poll finds that seventy-seven percent of security professionals believe Microsoft products are insecure. But a closer look at the survey tells a far more interesting story.
The Reality of Perception
2003-04-07
Anonymous (6 replies)
The Reality of Perception
2003-04-07
AnonymousPeon (2 replies)
The Reality of Perception - heh
2003-04-07
Anonymous (1 replies)
The Reality of Perception -
2003-04-08
AnonymousPeon (1 replies)
The Reality of Perception -
2003-04-09
Anonymous (1 replies)
The Reality of Perception -
2003-04-09
AnonymousPeon (1 replies)
The Reality of Perception
2003-04-07
Bill Hey <bill.hey@nospam.dsia.com> (1 replies)
The Reality of dumb people - "I see dumb people".
2003-04-09
Anonymous (8 replies)
The Reality of dumb people - "I see dumb people".
2003-04-09
Anonybori (1 replies)

However, look at the majority of the people who run Linux, and several other flavors of *nix. Most are young college students or high school students who are trying to expand their knowledge and to "Fight the evil empire (Microsoft)", even though their previous copy of Windows was pirated.
How much admin experience does this user have? Some have excellent knowledge of the OS, others are simply first-time users. So if someone has rooted them, and not noticeably changed anything, would they notice? This also expands into the Microsoft server line.
What I'm attempting to get at (I hope) is that patching, firewalls, all things related are good, no doubt. But what it boils down to is the fact of good, knowledgeable admins.
(I'm throwing this last paragraph in to show that I'm human also =) ) I've only been in the field for 2.5 years and believe me, I have been burnt! I've been hacked, but not by the same means twice! Oh, and I've only been out of high school for 2 years. So I'm not a huge guru or anything. Just a guy from North East Ohio. But I am willing to admit when I'm wrong and when I don't know the answer.
But maybe we should stop calling people peons and such and start actually educating admins on how to figure out HOW they have been hacked and WHY they have been hacked.
I try to review my logs daily, and have a few things sent to my cell phone when they arise. Now does this mean anything to me if I don't know what I'm looking at? No. I spend a great deal of time on TechNet and other admin resources when a new alert comes to light.
To end this post, which I think I may have branched off WAY too much: I ask, stop the fighting and start the guiding. Throwing the answer book in front of first year admins or those who are deemed "unworthy" does nothing to promote and advance troubleshooting skills. All it does is give them the answer and doesn't actually educate them on the whos and whys... Not to mention how many times the "book" says it's supposed to happen this way and really it doesn't.
[/rant]
Bob
Link to this comment: http://www.securityfocus.com/comments/columns/152/19212#19212