As sad as i may find it. The only machine i administrate that ever got `cracked` was a linux box. OK, I admit it, it wasn`t carefully secured and patched like it should be, but... well... if you`re a busy admin you haven`t always got the time to read bugtraq every day, and even if you have, the time to implement the fixes isn`t always availble.
Anyway, my point, linux or windows or whatever OS you use doesn`t make the difference in being secure. It`s the admin who makes the difference.
Keep a close eye on your machines, update them whenever needed, keep in touch with the `scene`.
I personnaly tend to be `friends` with some of the more advanced scriptkiddies around, ok, they`re mostly idiots who haven`t got a clue, but they love to brag about their latest actions, and the latest exploits they have heard about... and if they know of any that affect you... you better start fixing...
now... you can`t get your machine to be 100% fool proof, but you can make it less inviting to script kiddies... use IDS, Firewalls, secure your machines, make sure that you log remotely, secure those logs,... have backups, have `honey pots` to keep an occiasonal script kiddie busy instead of attacking your secure production servers... and most of all... take action against every attack attempt... warn the isp and upstream provider of anyone who`s doing something funny on your network etc...
Security is hard work... and most e-commerce companies don`t get it... they prefer to take an easy ride to fame and money... rather then spend some time and money creating a good solution.
now this doesn`t only show in security, mostly the entire infrastructure of e-commerce sites is CRAP to say the least.
Securing your data is not something you achieve by using a few buzzword technologies.
The technology is just a mean to help you implement the security policy, it`s not the wonderous tool that relieves you from your security worries.
Security is not just a job for IS/IT-departments, it`s something that is achieved troughout the entire company. You need to get well written procedures, dealing with every aspect of security. From securing your hard drives with encryption, to making sure there`s a decent lock on your server room, and to making sure people don`t just leave there cd-roms and disks floating around... It`s very important to create an awareness with everybody on how to deal with information.
In this case the notebook was stolen from someones desk, this proves that in your security policy, you not only need to include encryption, firewalling, logging,... but determing who has access to which offices at what times... ( key-cards that open the door, cameras in the hallway,... )...
Slashdot Mirror
As sad as i may find it. The only machine i administrate that ever got `cracked` was a linux box. OK, I admit it, it wasn`t carefully secured and patched like it should be, but ... well ... if you`re a busy admin you haven`t always got the time to read bugtraq every day, and even if you have, the time to implement the fixes isn`t always availble.
...
... have backups, have `honey pots` to keep an occiasonal script kiddie busy instead of attacking your secure production servers ... and most of all ... take action against every attack attempt ... warn the isp and upstream provider of anyone who`s doing something funny on your network etc ...
... and most e-commerce companies don`t get it ... they prefer to take an easy ride to fame and money ... rather then spend some time and money creating a good solution.
Anyway, my point, linux or windows or whatever OS you use doesn`t make the difference in being secure. It`s the admin who makes the difference.
Keep a close eye on your machines, update them whenever needed, keep in touch with the `scene`.
I personnaly tend to be `friends` with some of the more advanced scriptkiddies around, ok, they`re mostly idiots who haven`t got a clue, but they love to brag about their latest actions, and the latest exploits they have heard about... and if they know of any that affect you... you better start fixing
now... you can`t get your machine to be 100% fool proof, but you can make it less inviting to script kiddies... use IDS, Firewalls, secure your machines, make sure that you log remotely, secure those logs,
Security is hard work
now this doesn`t only show in security, mostly the entire infrastructure of e-commerce sites is CRAP to say the least.
Securing your data is not something you achieve by using a few buzzword technologies. ... It`s very important to create an awareness with everybody on how to deal with information.
... but determing who has access to which offices at what times... ( key-cards that open the door, cameras in the hallway, ... ) ...
The technology is just a mean to help you implement the security policy, it`s not the wonderous tool that relieves you from your security worries.
Security is not just a job for IS/IT-departments, it`s something that is achieved troughout the entire company. You need to get well written procedures, dealing with every aspect of security. From securing your hard drives with encryption, to making sure there`s a decent lock on your server room, and to making sure people don`t just leave there cd-roms and disks floating around
In this case the notebook was stolen from someones desk, this proves that in your security policy, you not only need to include encryption, firewalling, logging,