Re: Introduction

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Dale Whiteaker-Lewis: "Advice for Risk Assessment consultant (was Re: Intrusions)"
• Previous message: Fred Cohen: "Re: Intrusions"
• Maybe in reply to: IDS Moderator: "Introduction"
• Next in thread: Anthony C. Zboralski: "Re: Introduction"

adamsb@un.org wrote:
> 
> Back on 1/25/96 Robert posted:
> 
> > My main subject at work is the "secure" installation of Sun workstations.
> 
> Watch out for operating system upgrades putting unexpected holes in secure
> workstations.  I have seen several occasions where a Sun OS was upgraded on
> a secure workstation and the upgrade added a new hole.

This is the exception, rather than the rule, of course.

Of particular note, SunOS 4.1.x is swiss cheese these days, while
Solaris 2.5 is significantly more secure.  Perhaps of exceptional
significance to securing systems, is the "autoinstall" feature that
became available with Solaris - it inspired a locally written system of
shell scripts, that run around tightening every security hole we can
think of a fix for (or find a patch for), every time we install a
machine, or run a "bring this machine up-to-date on its fixes" script
(with signifcant code sharing between the former and latter).

Introduction?   Uh, I work on securing machines in an academic
environment (contradictory?)

The platforms I concern myself with are mainly Sun, SGI and DEC.   I
bother with SunOS 4.1.x and Ultrix as little as possible, anymore.

• Next message: Dale Whiteaker-Lewis: "Advice for Risk Assessment consultant (was Re: Intrusions)"
• Previous message: Fred Cohen: "Re: Intrusions"
• Maybe in reply to: IDS Moderator: "Introduction"
• Next in thread: Anthony C. Zboralski: "Re: Introduction"