Vachon, Scott wrote: > In a past occupation, I worked with phone switches. Most have a bare minimum > OS that runs on them but, for full functionality they are used with a > separate host (or hosts). Indeed, and that has been the source of a major burr in my hide. In various jobs I've more than once encountered the scenario where the separate host is an out-of-the-box install of the OS, unpatched, every service in the book running and with the telephony app thrown in there with a default install just before its shipped to the customer site along with a support and maintenance contract. This app, of course, usually remains something of a black box even when glared at with extreme prejudice by an experienced sysadmin. When that same sysadmin starts tallking about locking down some unnecessary services or even (horrors!) reimposing the default setup of most *nix variants that prevent root logins anywhere but the physical console the immediate response is usually "Change our default config and you void your maintenance contract - install any other software and we will no longer support the app. No, our remote support techs must be able to make a root login over the dialup line or we wont support the system at all..." Needless to say, most businesses balk at the thought of having their phone system unsupported if it goes down and so the system remains wide open. One vendor who I wont trouble to name even went so far as to forbid the installation of backup client software but at the same time handed the root password to anyone who asked for it "so that they could run the commands that control the switch connection" Thankfully the disaster waiting to happen there didnt occur on my watch and I wasnt put in the position of having to find a diplomatic way to tell my employer that I'd told them so... -- Dave Booth, CWT-IT dboothat_private +---------------------------------------------------+ | Catapultam habeo. Nisi pecuniam omnem mihi dabis, | | ad caput tuum saxum immane mittam. | +---------------------------------------------------+
This archive was generated by hypermail 2b30 : Fri Jun 07 2002 - 15:48:06 PDT