On Fri, 8 May 1998, Russ Cooper (Russ.Cooperat_private) wrote:

> The vast majority (say roughly 90%) of all "hacks" of NT that have been
> reported have come about as a result of lack of knowledge on the part of
> the installer/administrator.

This is also due to the security of NT's default configuration. Certain Unix vendors such as SGI also have this problem. Whether the glass is half empty (admins not performing a secure installation and applying patches) or half full (the OS not implementing security by default) is perhaps a matter of perspective.

> 3. The number of people who "know" how to secure an NT box against
> "known" exploits are far fewer than their Unix brethren (that's why we
> get paid so much...;-])

This is at least partly due to the closed nature of the NT operating system itself. Not only are the administrative resources necessary to secure an NT box hard to find but the tools and documentation simply don't exist in many cases.

An example of one such critical tool, one we rely on, is Sun's patchdiag. This is a subscription service which allows sysadmins to download the patch database for their Solaris version. The database is updated several times a week and lists the current revision of all recommended and security patches. The patchdiag script flags any patch that's out of date or not installed on a particular system. With this information an admin can keep his or her critical boxes patched with as little effort as running 'installpatch' a few times each month.

Roger Marquis
Roble Systems Consulting
http://www.roble.com/consulting

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:59:13 PDT