[76703] in North American Network Operators' Group


Re: New Computer? Six Steps to Safer Surfing

daemon@ATHENA.MIT.EDU (Christopher L. Morrow)
Tue Dec 21 02:10:03 2004

Date: Tue, 21 Dec 2004 07:09:35 +0000 (GMT)
From: "Christopher L. Morrow" <christopher.morrow@mci.com>
In-reply-to: <bb0e440a04122022335f2aa03@mail.gmail.com>
To: Suresh Ramasubramanian <ops.lists@gmail.com>
Cc: Scott Morris <swm@emanon.com>,
	"Matthew S. Hallacy" <poptix@poptix.net>,
	Sean Donelan <sean@donelan.com>, nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu



On Tue, 21 Dec 2004, Suresh Ramasubramanian wrote:

> On Tue, 21 Dec 2004 06:22:17 +0000 (GMT), Christopher L. Morrow
> <christopher.morrow@mci.com> wrote:
> > there are others of course... it's not the OS that matters in the long
> > run, it's the administration of that OS (or so it seems to me, admittedly
> > not a sysadmin though, anymore). Sure, initial/default installs might be
> > problematic in one/all OS's, but by and large extended lifetimes on a
> > live/hostile network means patches must be applied. Seems like that
> > doesn't happen by and large.
>
> [waiting for an OpenVMS user to speak up]
>
> Frankly, from an operational perspective, I guess the only way to go
> is to trust the inside of your network even less than you trust the
> outside ... and have processes that quickly isolate and block access

This is quite correct... The blocking/isolation is helped if the network
is segmented early on, permit that traffic which is 'normal', place some
IDS-like devices around and correlate logs/reports/incidents to properly
react when something goes awry.

> from / to compromised hosts till they are fixed.
>
> Modulo various "100% efficient" solutions that I see advertised, we do
> need a reliable, and quick reacting, way to do this.
>

I'm not such a fan of the auto-acting devices, I'd rather have a person
review the action prior to taking it.... Each security/network person
should determine how best to handle that themselves though.
