[55381] in North American Network Operators' Group
Re: What could have been done differently?
daemon@ATHENA.MIT.EDU (Ted Fischer)
Tue Jan 28 10:45:10 2003
Date: Tue, 28 Jan 2003 10:35:17 -0500
To: "Rubens Kuhl Jr." <rkjnanog@ieg.com.br>, <nanog@merit.edu>
From: Ted Fischer <ted@fred.net>
In-Reply-To: <018f01c2c6cf$31d81590$1302a8c0@default>
Errors-To: owner-nanog-outgoing@merit.edu
At 11:13 AM 1/28/03 -0200, Rubens Kuhl Jr. et al postulated:
>| Are there practical answers that actually work in the real world with
>| real users and real business needs?
>
>Yes, the simple ones that are known for decades:
>- Minimum-privilege networks (access is blocked by default, permitted to
>known and required traffic)
>- Hardened systems (only needed components are left on the servers)
>- Properly coded applications
>- Trained personnel
I would just add, as has been mentioned by others (but bears repeating):
- A commitment by management
>There are no shortcuts.
Agreed
Ted Fischer
>Rubens Kuhl Jr.
