[76702] in North American Network Operators' Group
Re: New Computer? Six Steps to Safer Surfing
daemon@ATHENA.MIT.EDU (Suresh Ramasubramanian)
Tue Dec 21 01:34:02 2004
Date: Tue, 21 Dec 2004 12:03:12 +0530
From: Suresh Ramasubramanian <ops.lists@gmail.com>
Reply-To: Suresh Ramasubramanian <ops.lists@gmail.com>
To: "Christopher L. Morrow" <christopher.morrow@mci.com>
Cc: Scott Morris <swm@emanon.com>,
"Matthew S. Hallacy" <poptix@poptix.net>,
Sean Donelan <sean@donelan.com>, nanog@merit.edu
In-Reply-To: <Pine.GSO.4.58.0412210618510.11301@sharpie.argfrp.us.uu.net>
Errors-To: owner-nanog-outgoing@merit.edu
On Tue, 21 Dec 2004 06:22:17 +0000 (GMT), Christopher L. Morrow
<christopher.morrow@mci.com> wrote:
> there are others of course... it's not the OS that matters in the long
> run, it's the administration of that OS (or so it seems to me, admittedly
> not a sysadmin though, anymore). Sure, initial/default installs might be
> problematic in one/all OS's, but by and large extended lifetimes on a
> live/hostile network means patches must be applied. Seems like that
> doesn't happen by and large.
[waiting for an OpenVMS user to speak up]
Frankly, from an operational perspective, I guess the only way to go
is to trust the inside of your network even less than you trust the
outside ... and have processes that quickly isolate and block access
from / to compromised hosts till they are fixed.
Modulo various "100% efficient" solutions that I see advertised, we do
need a reliable, and quick reacting, way to do this.
--
Suresh Ramasubramanian (ops.lists@gmail.com)
