Full Disclosure mailing list archives

Re: SANS Top 20: Mac OS X?


From: Valdis.Kletnieks () vt edu
Date: Wed, 23 Nov 2005 15:11:53 -0500

On Wed, 23 Nov 2005 08:52:30 EST, Anonymous Squirrel said:

(Writing as a long-time co-conspirator on the Top-20, all the way back to
when it was the Top-10)

> I'm puzzled: SANS remediation is merely patch, turn on the firewall, and
> configure per published guidelines.  That fits for _any_ OS.

> It just doesn't make sense that the _entire_ OS is a "Top 20" yet the
> remediation is so basic.

Actually, it does - the metric for selection was a "bang for the buck", picking
the 20 things that would do the most to change the overall security of a site.
Since the remediation *is* so basic, and the target machines are easily found,
it's a better use of an overworked security geek's time to find the OS X boxes
and fix them than look for (for example) some subtle-but-deadly buggy PHP script
that may or may not be on any of their servers and may or may not be vulnerable
in their configuration...

> Does SANS know something we don't?

Only that there's a lot more OS X boxes that need proper setup and config than
most people realize...

> Is the mere existence of OS X in a
> network so bad that it deserves to be tagged as a "Top 20"?

The problem is that there are enough OS X boxes on networks that are *NOT*
patched, firewalled, and configured that they pose a clear and present danger
to the networks they reside on.

If there weren't as many OS X boxes, or if they were all/mostly done right,
it wouldn't have been a "top 20".


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
