Full Disclosure
mailing list archives
Re: What the f*** is going on?
From: jf <jf () ownco net>
Date: Thu, 24 Feb 2011 11:24:22 -0500
> "Doing security" really isn't that hard. Behind all the fancy appliances
> and gee-whiz technology, the underlying principle is, don't unnecessarily
> expose your assets to attack.
eyeroll, thanks for the clarification.
> This boils down to a few simple things:
> 1) Don't allow users to create simple passwords.
> 2) Don't allow admins to forego routine patching
> 3) Don't allow poor configuration of applications
> 4) Don't allow services that aren't vetted and authorized
to think I wasted all this money on SANS...
(how come no one ever points out that rate-limiting failed logins is probably more important than password complexity?)
> Those four simple rules will go a long way toward reducing your attack
> surface enough that the "routine" "hackers" will move on to easier targets.
> Depending upon your infrastructure, some of this can be automated, but the
> bottom line for good security is auditing. Know what your assets are.
> Know what the weaknesses are. Do everything you can do to avoid
> unnecessary exposure.
> You're not going to stop a determined adversary from getting in. There is
> always a weakness somewhere that can be leveraged to gain further access.
> But if you forgo routine patching, allow lousy passwords, allow poor
> configuration practices and run services that aren't vetted and authorized,
> then, well, you're an HBGary clone..
Okay, I think I got it, doing security is not hard, duh! You should listen to me, but hey, you're still gonna get owned,
but really... this security stuff is e-z.
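The failed-login rate limiting that jf mentions in passing (the control that blunts online password guessing regardless of how strong the password policy is) is easy to show concretely. The following is an added example written for this archive page, not code from anyone in the thread: a sliding-window limiter that locks an account after too many failures and, crucially, refuses to even check the credential while the lockout is active. The user store, event list, and all thresholds are constructed for illustration.

```python
from collections import defaultdict, deque
import secrets


class FailedLoginLimiter:
    """Sliding-window failed-login limiter with a temporary lockout.

    max_failures failures within window_s seconds lock the key for
    lockout_s seconds. All names and defaults here are constructed for
    this example, not taken from any real product.
    """

    def __init__(self, max_failures=5, window_s=300, lockout_s=900):
        self.max_failures = max_failures
        self.window_s = window_s
        self.lockout_s = lockout_s
        self._failures = defaultdict(deque)  # key -> timestamps of recent failures
        self._locked_until = {}              # key -> time at which lockout expires

    def _prune(self, key, now):
        # Drop failures that have aged out of the sliding window.
        q = self._failures[key]
        while q and now - q[0] > self.window_s:
            q.popleft()

    def is_locked(self, key, now):
        until = self._locked_until.get(key)
        if until is None:
            return False
        if now >= until:
            del self._locked_until[key]  # lockout expired
            return False
        return True

    def attempt(self, key, now, verify):
        """Return 'locked', 'ok' or 'fail'.

        verify is a zero-argument callable that checks the credential.
        It is only invoked when the key is not locked, so a locked account
        gives no signal about whether a guess was correct.
        """
        if self.is_locked(key, now):
            return "locked"
        if verify():
            self._failures.pop(key, None)  # success resets the failure history
            return "ok"
        self._prune(key, now)
        self._failures[key].append(now)
        if len(self._failures[key]) >= self.max_failures:
            self._locked_until[key] = now + self.lockout_s
            self._failures.pop(key, None)
        return "fail"


# Constructed toy user store. A real store holds slow password hashes
# (bcrypt/scrypt/argon2), never the password itself.
CONSTRUCTED_USERS = {"alice": "correct-horse-battery", "bob": "staple-gun-42"}


def check_password(user, password):
    stored = CONSTRUCTED_USERS.get(user, "")
    return secrets.compare_digest(stored, password)


# Constructed login events: (seconds since start, username, submitted password).
CONSTRUCTED_EVENTS = [
    (0, "alice", "password1"),
    (5, "bob", "staple-gun-42"),
    (10, "alice", "letmein"),
    (20, "alice", "alice123"),
    (30, "alice", "qwerty"),
    (40, "alice", "Password!"),            # fifth failure inside the window -> lockout
    (50, "alice", "correct-horse-battery"),  # right password, still rejected while locked
    (1000, "alice", "correct-horse-battery"),  # lockout expired, succeeds
]


def replay(events, limiter=None):
    """Run a list of login events through the limiter and return the decisions."""
    limiter = limiter or FailedLoginLimiter()
    decisions = []
    for t, user, pw in events:
        decisions.append(limiter.attempt(user, t, lambda: check_password(user, pw)))
    return decisions


if __name__ == "__main__":
    for (t, user, _), d in zip(CONSTRUCTED_EVENTS, replay(CONSTRUCTED_EVENTS)):
        print(f"t={t:4d} {user:6s} {d}")
```

Keying the limiter on the username alone, as above, means anyone who can reach the login form can lock a victim out by submitting bad passwords for their account; production deployments usually key on (source address, username), add progressive delays instead of hard lockouts, or both, and log every "locked" decision so the detection side sees the guessing activity.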
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
Re: What the f*** is going on? Michal Zalewski (Feb 23)
Re: What the f*** is going on? Michal Zalewski (Feb 23)
Re: What the f*** is going on? Paul Schmehl (Feb 24)
- Re: What the f*** is going on? jf (Feb 24)
Re: What the f*** is going on? Valdis . Kletnieks (Feb 25)