Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Pros Bemoan the Need for Focus

Posted by CmdrTaco on from the thinking-one-step-ahead dept.

Ant writes "Computerworld has an article about more proactive initiatives falling by the wayside. Operational and tactical considerations continue to dominate the IT security agenda, despite a growing need for more strategic approaches to data protection."

10 of 62 comments (clear)

  1. Giving Up by Anonymous Coward · · Score: 5, Interesting


    some people i know are so fed up of the state of internet security ,viruses,trojans,spyware,spam etc that they are actively considering disconnecting their main systems from the internet altogether and only using a dedicated machine for access

    shame that security has got so bad where people are now retreating from public networks, if thats now in 2004 what's it gonna be like in 10-15-20 years from now ? i shudder to think

    1. Re:Giving Up by digitalsushi · · Score: 2, Interesting

      I'd have to ask why a company's main systems are online at all. I was disturbed to learn my bank's accounting system is online. Why should it be? I asked them. They said they didn't need it to be, it was just that they have only one network. Oh, good.

      --
      slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
    2. Re:Giving Up by phillymjs · · Score: 2, Interesting

      things will get better or we will be living in a non Microsoft world.

      I think you misspelled "and."

      ~Philly

    3. Re:Giving Up by mordors9 · · Score: 2, Interesting

      You can't really blame them for giving up. Lawsuits are going to get worse against companies that get hacked and private information gets out on the internet. It also seems like the nature on people on the internet has changed. It used to be that most of the geeky types that tried to hack a box, did it just for fun. We would get in just to see if we could, then maybe leave a note to the Sysop that his system was open. Oftentimes he didn't change anything because he didn't care as long as no one screwed anything up. Now it is all different. There are thousands of script kiddies using scripted tools to hack a box or making slight alterations in virus source code, so they think they are the next phenom. At the same time companies don't want to spend the money to hire competent people to administrate their networks and systems. They apparently think it is cheaper to just retreat from the internet.

  2. sounds reasonable to me by digitalsushi · · Score: 4, Interesting

    I am a sysadmin, a poor one, and I can definitely say I could spend 100% of my time trying to patch holes and cracks in our system and still not have enough time left over. And I have a sneaking suspicion that someone who knows what's going on could redo our environment entirely such that I wouldn't have to. What an unfortunate thing! I don't even know what I'd do with all those extra resources freed up. I think our company had something to do with turning profits, long ago ...

    --
    slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
    1. Re:sounds reasonable to me by Spoing · · Score: 3, Interesting
      1. I am a sysadmin, a poor one, and I can definitely say I could spend 100% of my time trying to patch holes and cracks in our system and still not have enough time left over. And I have a sneaking suspicion that someone who knows what's going on could redo our environment entirely such that I wouldn't have to. What an unfortunate thing! I don't even know what I'd do with all those extra resources freed up. I think our company had something to do with turning profits, long ago ...

      Security is tough...though doable. The general idea is to secure your systems well enough so that if a new exploit occurs it is difficult to impossible for the exploit to impact your unpatched systems.

      General tips;

      1. Simplify; run only what you absolutely need on any system. Remember that even simple programs have been exploited in the past so don't fall into the "that's just a harmless ________" trap.
      2. Isolate; don't just keep minimial systems exposed to the internet, keep all systems visible on a 'need to know' basis. If the database server only talks with the intranet web server and the accounting database, make it so only those machines can see the database. If something breaks, or a developer needs access, either change the router or treat the database as a remote resource and have the group use a SSH tunnel.
      3. Automate; whatever can be automated, automate. Keep in mind that updates can break systems in some way, though focused patches tend to be fairly harmless. Have rollbacks enabled so that any dammage can be reversed without resorting to backups. (You do backup everything, right? Nightly incremental backups + occasional full backups.)
      4. Hire me; I'd be glad to charge, er, help you out with this. Reasonable fees and all that.
      --
      A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
  3. Is this the right use of the word 'bemoan'? by Dixie_Flatline · · Score: 4, Interesting

    It sounds like security professionals are annoyed that they have to focus on anything. Wouldn't a more accurate headline be

    "Security Professionals Bemoan Lack of Focus"?

    Right now, it just sounds like security pros are whiny babies that don't want to do their jobs.

  4. Java WebStart apps - free from viruses/spyware by MarkSwanson · · Score: 2, Interesting
    The Java Web Start sandbox environment may be a bit too limited for some applications, but it is secure and more applications are being written for it all the time. Sun is also improving it with every release. In this environment you don't have to trust the code, or the software vendor wrt manipulating your hard drive, network interfaces, keyboard, or even the clipboard.

    For more secure Java Web Start info: http://www.scheduleworld.com/itsYourLife.html

    --
    Schedule your world with ScheduleWorld.com http://www.ScheduleWorld.com/ (Java Web Startable)
  5. Then start buying AMD Athlon 64's! by Brian+Stretch · · Score: 2, Interesting

    They could at least stop buffer overflow attacks by using AMD Athlon 64 CPUs ("Enhanced Virus Protection" as marketing says). And cut their electric bill. But noooo, they keep buying the overpriced Intel-based blast furnaces that Dell sells them.

    It won't make Windows secure, but it might free up enough time for strategic thinking. Then again, so would doing IT development in-house rather than cleaning up outsourced disasters...

  6. Service Pack 2? by dshaw858 · · Score: 2, Interesting

    I know that Microsoft isn't Slashdotters' favorite company, but I have to say that I think that Service Pack 2 will help security immensely. As has been said before, most of Windows users are computer illiterate. SP2 gives users an enhanced layer of security (the XP Firewall, for example), and can really help the computer illiterate (that would otherwise be totally unprotected) secure themselves.

    - dshaw