|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: New Computer? Six Steps to Safer Surfing
On Tue, 21 Dec 2004, Suresh Ramasubramanian wrote: > On Tue, 21 Dec 2004 06:22:17 +0000 (GMT), Christopher L. Morrow > <[email protected]> wrote: > > there are others of course... it's not the OS that matters in the long > > run, it's the administration of that OS (or so it seems to me, admittedly > > not a sysadmin though, anymore). Sure, initial/default installs might be > > problematic in one/all OS's, but by and large extended lifetimes on a > > live/hostile network means patches must be applied. Seems like that > > doesn't happen by and large. > > [waiting for an OpenVMS user to speak up] > > Frankly, from an operational perspective, I guess the only way to go > is to trust the inside of your network even less than you trust the > outside ... and have processes that quickly isolate and block access This is quite correct... The blocking/isolation is helped if the network is segmented early on, permit that traffic which is 'normal' place some ids-like devices around and correlate logs/reports/incidents to properly react when something goes awry. > from / to compromised hosts till they are fixed. > > Modulo various "100% efficient" solutions that I see advertised, we do > need a reliable, and quick reacting, way to do this. > I'm not such a fan of the auto-acting devices, I'd rather have a person review the action prior to taking it.... Each security/network person should determine how best to handle that themselves though.
|