[50165] in North American Network Operators' Group
Re: If you thought Y2K was bad, wait until cyber-security hits
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Sat Jul 20 23:38:52 2002
To: Scott Francis <darkuncle@darkuncle.net>
Cc: nanog@merit.edu
In-Reply-To: Your message of "Sat, 20 Jul 2002 17:28:20 PDT."
<20020721002820.GA4776@darkuncle.net>
From: Valdis.Kletnieks@vt.edu
Date: Sat, 20 Jul 2002 23:37:49 -0400
Errors-To: owner-nanog-outgoing@merit.edu
--==_Exmh_558047274P
Content-Type: text/plain; charset=us-ascii
On Sat, 20 Jul 2002 17:28:20 PDT, Scott Francis <darkuncle@darkuncle.net> said:
> _Microsoft_ managed to get a security 'Gold Standard' for one of its
> products? This must be for some non-golden value of gold ...
Microsoft didn't do anything (take that as you may). The CIS and SANS crew did
up their W2K benchmark - the news here is that the NSA, GSA, and NIST are all
throwing their backing of it as a Good Thing.
It's a *long* checklist of everything you need to do to W2K to beat it into
submission security-wise. Basically, *after* you do everything on the list, it
will require a *skilled* hacker or a script kiddie with an actual 0day exploit
to 0wn you.
I didn't get involved in that one, but I've been working on the Unixoid
stuff with CIS and SANS. We make no claims that if you do everything on
the checklist that you're secure - the claim is that *failure* to do
everything is demonstrably *insecure*.
Yes, you read it and every single item will strike you as "any sysadmin
who didn't just fall out of a tree knows THAT". The oft-overlooked point
is that most sysadmins DID just fall out of trees - often landing on their
head in the process.
Think of it as recognition that "Your Clue Must Be --->THIS<--- Tall To Ride
The Internet". It's about time...
--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
--==_Exmh_558047274P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQE9OiyNcC3lWbTT17ARAm6xAKC+Mavz6JFgd3JRJT5c5KIjD9qcMQCgwIjW
hcK7omcu7vuSWC5vx/4qJmw=
=MFMc
-----END PGP SIGNATURE-----
--==_Exmh_558047274P--
