Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: Re: Microsoft Security, baby steps ?[Scanned] [Scanned] [Scanned]
From: "James P. Saveker" <james () wetgoat net>
Date: Thu, 18 Mar 2004 19:40:27 -0000

Valdis.Kletnieks () vt edu said....

All very good "best practices" concepts - too bad so few sites manage to
actually deploy them correctly....

That's the *real* challenge of trying to secure a network - the vast gap
between what could be done given the proper mandate and financing, and what
you can usually actually deploy with the mandate and financing you actually
got. :)

In fact all tasks for smaller companys can be done by people with 
little up top using SBS 2003 and enjoying the wizards.

Which is fine, until something goes Terribly Wrong and there's no sign of
the Terribly Wrong-Fixing Wizard to be found. ;)

(Guess who's come across waaay too many boxes that the owner didn't know
were compromised because the box knows how to say "You've got Mail!" but
doesn't know how to say "You've got Malware!" ;)

Yes indeed.  I agree with you entirely.  Seems I am struggling to make my
point.  You mention best practises, in my opinion being only a poor old wet
goat I think that if people valued "standards" as well as experience in IT&T
then perhaps regardless of budget; solutions could be tailored for
individual business needs, even if a company has to resort to outsourcing.
Too many people bash MCSE/MCSA but jeez, if someone has got that piece of
paper they can do it period.

I have seen companies running SBS and using ISP mail accounts when exchange
is part of SBS, madness!  Also they have not got ISA configured correctly,
assuming correctly does not involve a rules allowing all traffic from all
sources to flow bi-directionally.  People that set up servers like that
should be shot, or at least not allowed to practise as consultants.

But then that's the small business side of the pie.

James Saveker

"The only thing which helps me maintain my slender grip on reality is the
friendship I share with my collection of singing potatoes..."

This e-mail has been virus checked by Sophos Mail Monitor. There are
inherent dangers in the opening any Attachments contained within e-mails.
wetgoat.net cautions you to make sure that you completely understand the
potential risks before opening any of the Attachments. You are solely
responsible for adequate protection and backup of the data and equipment
used in connection with this e-mail service, and wetgoat.net will not be
liable for any damages that you may suffer in connection with using,
modifying or distributing any of the Attachments.

Attachment: smime.p7s

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]