Dailydave
mailing list archives
Re: This guy cracks me up.
From: Bob Mahoney <bob () zanshinsecurity com>
Date: Mon, 4 Sep 2006 12:59:04 -0400
For whatever it might be worth, a slightly dated perspective from a
possibly interesting network:
I worked at MIT for a little over 10 years, leaving three years ago
to start my own consulting firm. In that time I worked in the
network operations group, and later founded their Network Security
team, which I headed up until I left.
The exact numbers are hard to pin down, given the environment, but we
had ~50k machines on the network (about ~35k "active" at any given
time). Population guess, c. 2003:
    Windows (all sorts)   60%
    MacOS (both sorts)    20%
    UNIX (all sorts)      20%
I would guess that the MacOS number is about the same today, but that
pre-X machines are now a tiny fraction.
No firewall during this time, and just a small number of actively
naughty ports blocked by the routers. A very wide range of sysadmin
skills in play, and a strong attitude of freedom in both systems and
network use.
The team was a cross-organization group led by central IS, but with
members from the big independent labs like LCS, Media Lab, AI Lab.
We were pretty active, tried hard to do all the right things, ate our
Wheaties, etc. We had pretty good network intelligence, and probably
didn't miss a whole lot in the way of suspicious activity, so
end-user security clue was not a big factor in compromise detection.
We saw thousands (low 10s?) of Windows systems compromised in my time
there, but I do not have personal knowledge of any MacOS X
compromises at the Institute in my time there, or since. And I don't
know anyone personally who does.
MIT gets lots of "let's attack the smart kids" and "Check out my m@d
skillz" attention, and has no shortage of gifted locals... Lots of
people poke at this network. "Target-rich environment", and all
that. University networks can be pretty much guaranteed to see
whatever attacks are taking place against Apple machines. (Maybe
Apple should seed some sensor machines into these networks, so we can
see how long the canary lasts?)
I'm sure there are compromised MacOS X systems out there, and I'm
sure there will be others in the future. But in a very wild, very
active, and very open network, over a significant period of time, I
never had to deal with a compromised Mac.
Apple's security isn't perfect, and won't ever be. But whether they
have done something better, or just something different, their
real-world track record to date is not that bad.
Even if previous good luck is merely an artifact of being a minority
platform, Apple clearly recognizes the value of the positive security
perception, and it would be reasonable to assume that they'll try
hard to make whatever clever engineering choices might maintain and
strengthen that perception.
Experience to date has left a good impression. That impression can
move consumer dollars around, and Apple will protect the impression
to attract the dollars. They'll probably do some things right along
the way.
-Bob
--
Bob Mahoney
Zanshin Security, LLC
http://zanshinsecurity.com
PGP: 69F9 FC06 0D53 84D5 6981 B12E 7AF1 C5E2 39C5 EC09