Slashdot Mirror


User: rjamestaylor

rjamestaylor's activity in the archive.

Stories: 0
Comments: 2,039

Comments · 2,039

  1. Topics on A Network Security Class? · · Score: 3
    Some necessary topics for any network security class:
    1. Weakest Link
      The weakest part of the system's security determines the effective security of the system. One hole left unattended thwarts all other holes being stopped. The Titanic was perfectly safe from any threat except the one that sank it.
    2. Multiple points of failure
      The addition of components to a system tends to degrade security rather than increasing security. This may seem silly, for doesn't adding a firewall make a system more secure? Yes, and no. The firewall now must be set up and maintained properly, or it becomes another staging ground for security attack if it is compromised. If you've had to deal with network reliability this point makes perfect sense.
    3. Know the Enemy
      It goes without saying that the best defense is a good (knowledge of the) offense. Study the CERT warnings, study the hacker sites, get the SATANic-type tools (just don't get caught using them against someone else's system). It's continuing education: know the exploits and secure your own system from them.
    4. Know the Enemy Within
      The truth is most attacks occur from within an organization, or by the ones with some legitimate access to the system. This makes sense, because the most interested parties in protected elements within a system are probably already on the inside (e.g. only a Slashdotter would really want Malda's password...). This goes for disgruntled and/or bored workers within a company. They may be searching for secrets or willing to sabotage. It goes without saying that employees who are fired have their accounts shut down (and root passwords changed, just in case!) simultaneously to their firing.

    These are all commonsense and obvious, but need to be stressed all the more. Security is not merely a technical problem. Planning, procedures, and psychology are weapons in this warfare -- on both sides, no doubt.

  2. Re:It's Mobile Linux. Deductive reasoning says so. on Crusoe WebPads By FIC · · Score: 2
    buried at the bottom of the Charitable page is a comment:
    Aqua is also ready to support e-Book application with its apt form factor and user interface.
    That sounds like it may be Windows-oriented...
  3. Re:Good on The Battlefield Earth Contest · · Score: 1
    Why on earth do you suppose that is my street address? The mail room at my office will handle the grits (which they seem to love) and rats (hate) just fine.

    We already receive all kinds of junk mail...

    Now, posting my HOME address would have been really, really stupid.

    Oh, did I mention I work from home and rarely visit the office? ;)

  4. Good on The Battlefield Earth Contest · · Score: 3
    Battlefield Earth (the movie) does an admirable job of returning today's youth to their parent's library to find the novel, Battlefield Earth, in all its thick glory, to see if there's anything similar between it and the movie.

    Please remit said prize to:

    Robert Taylor
    12241 Newport Ave
    Santa Ana, CA 92705
  5. Re:Palmer says.... on Massive DDoS Attack Brewing? · · Score: 2
    if the builder of your house left a spare key to your house under the mat without telling you, but has been known by people in the industry to do this at every house he builds? Who would you be mad at? The person who got in without a challenge, or the person that gave him the opportunity?
    I don't know about being mad but I'd file a criminal complaint against the person who broke entry.

    And, I'd sue the pants off the builder for negligence (and whatever else a lawyer could throw at him).

    Oh, I almost forgot, since this post touched something related to the legal system I am required, as a good /. nerd, to add:

    IANAL
    Boy, do I hate I-A-N-A-L, as if we thought you were! (Sorry)
  6. Re:What does this say about hurting customers on Microsoft Quickies · · Score: 2
    Now, just anyone reading this may simply assume that the Unix server is more high maintenance than the NT server right? nope. In fact, one of the Unix servers this guy worked with had an uptime of 8 years... 8 [Expletive Deleted] YEARS! Apparently a UPS blew out and they turned it off to be safe because no replacement was handy. That's right.. the Unix server came down because of something that was unrelated to the OS..
    Well, kinda. If the UNIX box had a journaling filesystem and was set up in a failover cluster, then the failure of the UPS would not have required the preventative measure of shutting down the server. If the UNIX on that box did not have a journalling filesystem, then perhaps the OS was related to the problem. If the system administrator was not using the journalling or clustering subsystems...then it was not OS related as you said.
  7. Re:Name those companies on Microsoft Quickies · · Score: 3
    How about:
    ?icros~1.vbs
    ?icros~2.vbs
    If you've not used UNDELETE, you won't understand...
  8. Re:Amusing Accompanying Photo... on Microsoft Quickies · · Score: 2
    several Bay Area Microsoft employees sitting round an ...

    ...Apple Macintosh Powerbook!

    :-)

    Gee...I wonder if they're also using *snicker* MS Office and MS Internet Explorer for the Mac! Wouldn't that be a hoot!

    Apple has long been a Microsoft platform. Remember 1984 and the advent of the Mac? Bill Gates and Microsoft were there.

  9. Name those companies on Microsoft Quickies · · Score: 3
    ZDNet is asking for the names of the two new companies. My suggestion:

    1. MicrOs
    2. MicrApps
    Or, should the capitalization on #2 be adjusted? ;)
  10. Re:Man, I wish I were in Orlando right now... on Justice Department Decides To Break Up Microsoft · · Score: 1
    Man, I wish I were in Orlando right now to see the reaction from the 14,000-odd attendees
    Hey, they're not all odd. I have a friend there.

    On second thought...

  11. The Judge Decided, Not the DOJ!! on Justice Department Decides To Break Up Microsoft · · Score: 1
    Justice Department Decides To Break Up Microsoft
    Ouch! The DOJ is a part of the Executive Branch of the US government. The DOJ can take a company (or person) to court, but it is the Judicial Branch that makes decisions via Judges in the court system.

    The DOJ made its decision to ASK for the breakup of MSFT a long, long time ago. TODAY the JUDGE ruled that MSFT must be broken up (pending appeals, of course).

    Please, change the embarrassing heading!

  12. Re:Life is more than things on The Leased Life? · · Score: 1
    I'm going to be a father for the first time in about 6 weeks or so
    Congratulations! I just became a dad for the first time 7+ months ago. It's one of the greatest things that's ever happened in my life...perhaps the.
    you may not be able to 'take stuff with you' but you still can pass things on to your progeny
    Well, my second quote (from Ps. 39) was addressing this point: we heap up riches but don't know who will ultimately gather them. I am not only a dad, but I am, obviously, a son. My father has some means and early in my 20's allowed me to live dependently on his means, until he wisened up and cut me off. We have a loving relationship -- he did not do it out of spite or anger. His cutting me off was probably the catalyst for my eventual turnaround.

    While I have benefited from my father's stuff, I have more benefited from his love and wisdom.

    Ultimately, things aren't enough.

    You know this, and I'm sure you'll enjoy your child at least as much as I do mine (or, perhaps not "mine" but "on lease"). I'm glad to be able to give to my son, but I know from my dad's example the things are not enough.

  13. Life is more than things on The Leased Life? · · Score: 5
    This Ask Slashdot reminds me of something wise:
    Is not life more than food, and the body more than clothing?
    Don't measure your life or your worth by what you own. Things break, rust, get stolen, lose value, burn, and generally disappoint.

    We (nerds) need adequate time in the Big Blue Room and to get out of ourselves and surroundings once in a while to see a bigger picture.

    You might as well lease everything because, you're not taking it with you.

    Surely every man walks about as a phantom;
    Surely they make an uproar for nothing;
    He amasses riches and does not know who will gather them...
    That's wisdom, too. Ok. I'm going outside, now.
  14. Re:Chronicles 2, 10:11 [Off-Off-Off-Topic] on Is The Microsoft-Free Office Possible? · · Score: 1
    Chronicles 2, 10:11
    For whereas my father put a heavy yoke upon you, I will put more to your yoke: my father chastised you with whips, but I will chastise you with scorpions.

    Another example of following bad advice from inexperienced, haughty peers.

    The reference is from Solomon's son and heir to the throne of Israel inaugural speech. The wise advisors recommended making the yoke (Solomon had taken the best and brightest from the people for his palace -- and bunches of their women) lighter to keep the peace. The young friends of Rehoboam said to be tough on the people. Shortly after this speech the Northern 10 tribes (of 12, in case you didn't know) split off, leaving the Davidic line with 2 kingdoms.

    Oops.

    "Hey everyone! I was just kidding!"

    ---------------------------------- ---------------------------------- ----------------------------------

  15. Re:Burden of Connecting on Is Virus Spreading Criminal? · · Score: 1
    It should be secure out of the box

    I can't help but think it's securest while still in the box...

    Good points, though: why can't a system come in a state not easily exploitable?

  16. Using class for usenet purposes on Using Usenet Newsgroups for Class Purposes? · · Score: 1

    When I was in college I knew people who took classes just to have a free account on IRC and BITNET as well as Usenet (alt.*). So these people were using classes for Usenet purposes, I guess.

  17. Re:Burden of Connecting on Is Virus Spreading Criminal? · · Score: 1
    You sir, make me want to find out where you live so I can slay you before you do any further damage.

    LOL!

    It's easy to find.

  18. Re:Burden of Connecting on Is Virus Spreading Criminal? · · Score: 2
    Driving licenses are traditional, they've always been around.

    Define always. To me and you DL's are eternal requirements. To my grandparents (who lived before autos were common) DL's did not exist at one point. What changed? Automobiles became an integral part of American life and commerce. Bad (dangerous, ignorant, reckless, et al) drivers were no longer merely a threat to themselves but to all drivers around them and to normal business conducted over-the-road. Something had to be done, so regulations were made and minimum standards were set.

    what you aren't realizing here is that connecting to the 'Net can't be compared to, as you've done here, driving a car. The 'Net has become such an integral part of businesses worldwide, that it would just cost too much to start educating a semi-computer literate world in the way you're suggesting.

    Okay, I rearranged your quotes to make this point: because the Internet is integral to business internationally it may become necessary to make regulations and establish minimum standards. Scary.

    You can't disconnect these people because they fail an Internet security test, because then you would be disconnecting way too many people. Remember, the average CEO of a company (Suit) isn't even semi-literate (computerwise), perhaps if it's a tech company, yes, otherwise, you'll be lucky if he's semiliterate.

    Okay. Maybe we require that the OSes and Internet-connecting programs (don't ask me to define them all, I'm just thinking out loud!) be certified to operate on Internet-connected devices. Sure, let the CEO use the net -- but not with Outlook and Windows Scripting Host enabled! Who enforces this? The ISP? (Hmmm....).

  19. Re:Burden of Connecting on Is Virus Spreading Criminal? · · Score: 2
    Do you really want to install *yet another* bureaucracy over us?

    No. We're just having a discussion; debating the idea. I'm not for this, just thinking.

    Furthermore: requiring everyone to have a license because *some* people are irresponsible is, in essence, saying "Everyone is guilty until proven otherwise."

    Or it's a way of saying "you don't have the right to be here; you must prove that you're able to bear the responsibility." Don't freak: I'm describing a driver's license. So, what if this was applied to running Internet-connected computers? Better put: what if your OS and Software had to be approved for Internet use before you could put it on the 'net? Put the onus on the OS/Email/Services programmers.

    The reason that the law says "intentionally" is because for a crime to be proved there are 3 irreducible elements: Means, motive and opportunity.

    If your car rolls down a hill and smashes into someone's property (or person) you may have had no Means, motive or opportunity to commit a crime but you'd be liable (civilly) nonetheless. And, if it could be proved that you were recklessly endangering others, you could be held criminally responsible, too (involuntary manslaughter, for example).

    I guess as I consider this topic I am becoming aware of our responsibility toward others on the Internet. Perhaps I should be reprimanded if I leave my system open and it is used as part of a DDoS attack.

  20. Re:Burden of Connecting on Is Virus Spreading Criminal? · · Score: 2
    If you pass a virus to another person, you are liable for fines up to $15,000 -- more if it's an incurable disease. (We could call it "the burden of breathing.")

    I was chuckling at your response (and agreeing with you) and then I remembered: food service workers ... Typhoid Mary ... "Employees Must Wash Hands" .... There are constraints placed on us in all kinds of circumstances where we interact in society. It was said:

    Your right to swing your arm ends where my nose begins.

    When what we do (or don't do) affects others, we need to be on the alert for regulations. No Smoking.

  21. Re:Burden of Connecting on Is Virus Spreading Criminal? · · Score: 2
    As far as passing on viruses goes. The people who are not protected pose absolutely no threat to the people who are.

    True, on my personal system I have no fear or worries about others' systems being exploited. I never got one of these macro worms sent to me, yet. But it does harm me. Very much. For one, my mail servers at work and elsewhere are overwhelmed with the exponential flood of garbage that is sent during the height of these attacks. Moreover, I've been spammed to death by people leaving their sendmail (et al) servers open for relay. Maybe ORBS is not enough. You wanna run a mailserver? Get a license.

    We're just talking, here. I'm not suggesting this should happen. Be my guest: Shoot me down.

  22. Burden of Connecting on Is Virus Spreading Criminal? · · Score: 4
    I realize the law says "intentionally" but what if a more proactive stance was adopted? For example, when I receive a counterfeit $20 I may be unaware. But when I deposit that counterfeit $20 at my bank (and it is discovered) I lose $20 and may be investigated. It doesn't matter that I *thought* it was real -- I still lose. It is upon me to make sure bills I pass are legitimate. If they are not, I lose.

    Let me apply this "burden" to the 'net: if you connect to the Internet and pass a virus (even unaware) your privileges to stay connected may be revoked or suspended. What?!? Well, you take on a lot of responsibility to connect to the rest of us. If you cannot take basic precautions to protect others from your transmissions then you are subject to losing your right to be on the 'net. The onus is on you.

    What does this mean? It means you must be able to prove that you took reasonable precautions to prevent your system from harming others. This may include using an updated anti-viral package on Windows and Mac systems. Properly adhering to CERT advisories on UNIX systems. Avoiding easily-exploitable software packages (Outlook, for example). Using basic security protocols.

    Offenders (those who fail to protect others from attacks via their systems) may be forced to disconnect until they

    • complete a proper system security class
    • install proper security software
    • establish and follow basic security guidelines
    • disable easily-exploitable software

    I realize this is radical.

    Perhaps a better model (than the counterfeit bill passing) is the transportation regulations we have today. We require people who drive on our highways to take basic precautions to avoid harming others (no drinking when driving, obey traffic laws, maintain car at reasonable operational standards). Heck, we don't let you drive unless you obtain and maintain a proper license! How about a license to connect to the Information Super Highway? And what about liability insurance? If your system has an exploitable hole that damages someone else's system, you may be liable.

    The Internet is a part of our lives. We can't allow stupidity and laziness to ruin it for the rest of us.

  23. Re:LRP on Embeded Linux Firewall Appliances? · · Score: 1
    Even better: this.

    I found that using this search on http://www.linuxrouter.org/.

  24. LRP on Embeded Linux Firewall Appliances? · · Score: 2
  25. Hackers: Heroes of the Computer Revolution on Books on Operating Systems History? · · Score: 3
    Find Hackers: Heroes of the Computer Revolution. It will inspire you (good read). It stops soon after the Apple II, so you'll need something else for more recent history.