Re: some thoughs

giorgos adamopoulos (el90118@central.ntua.gr)
Tue, 21 Nov 1995 21:36:15 +0200 (EET)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Doug Hughes: "Re: Good logging and real-t"
Previous message: Gacquer Fridiric: "My intro."
In reply to: Alexander O. Yuriev: "some thoughs"
Next in thread: Benoit Dicaire: "Re: some thoughs"

> Hi,
> [...]

I skip this, as I've not been in a SA conference, so I can't judge...

>         Why do we trust our vendors when they say that their systems are 
> secure? What are the checks that we perfom before we bring a system onto 
> the netwotk? Do we perform them at all or do we just blindly assume that 
> if there is no patch out there, there is no problem? Is it that we do not 
> want to bother with it or is it that we do not know where to look?
>         I would appreciate your comments...

I think true professionals do not trust marketing bells.  Depending on the
machine one wants to hook on the Net, there exists a wide range of FAQs,
HOWTOs, admin lists which can help to bring a system `adequately' (ie. for
the casual cracker) secure.  One is able to assume that one is secure from 
previous bugs; bugs will always come in the future.  S/W complexity 
increases bugginess (don't remeber where I've read it).

I think we all know where to look, from newbies (like me) to the highly 
experienced.  Those who seek, discover (and the crackers too ;-).
-- 
giorgos adamopoulos (el90118@central.ntua.gr)

                ``We who are not as others'' -- Sepultura.

Next message: Doug Hughes: "Re: Good logging and real-t"
Previous message: Gacquer Fridiric: "My intro."
In reply to: Alexander O. Yuriev: "some thoughs"
Next in thread: Benoit Dicaire: "Re: some thoughs"