All the comment here are so tiring and annoying. Always the same discussion between "must patch" "change system" "deactivate things". Here is the truth :
- Most people are irresponsible, they should apply the patch as soon as they appear otherwise they are bad, at least a lot worse than those nice daily patchers that think they are better because they patch faster.
- Most people are stupid, they should change their system and chose something exotic that nobody know how to hack, like a self written server in ADA. Of course the good ones are those few genious that know that, they are the only reliable ones.
- Most people are lenient or ignorant, they should take the time to read the web and find the right way to configure their servers. If you take time, and have the proper knowledge you can be nearly as good as those rare gods who alone know how to prevent any problem to occur.

Indeed there is no absolute answer.
I have learned that when many solutions exist the best one is always a mix of the best features of each one. So patch when necessary, use a server that is not known to be like swiss cheese by default, and know enough your configuration to make it behave properly.
When you will have done all that you will be at a medium security level.
Next step for you will be analyze your system integrity with automated tools regularly and add some IDS and anti-virus with automated database retrieval to your network. Additionaly put most of your system on a physically read-only medium (like a bootable CD).
Now you can take time to do your real job, if someone break in undetected you will have the proof of alien life. I suspect that most people writting here have no real job, just real income. If your job is to pray all the day to have your ship float you are in bad situation. Better use your brain and manage your network so that things work so well that even in case of building fire and Internet war everything under your responsability continue working smoothly.


I hope my comments are humorous if not helpfull

Sculder (Y-files)


P.S. : Tim is really a bad columnist, it would be funny to read him from time to time if only people at securityfocus were putting big "JOKE" pictures in the background of his articles. Anyway I must be honest, I think I remember reading an interesting article from him once, but most of the time what he writes is very bad publicity for the serious of securityfocus.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/74/11984#11984