[Dshield] Security assurance for less obvious platforms
Abuse
abuse at what4now.com
Mon Dec 3 07:21:01 GMT 2007
** Reply to message from "Darren Spruell" <phatbuckett at gmail.com> on Sun, 2 Dec
2007 16:25:53 -0700
> Many of these systems are connected to the internal network, are
> frequently not segmented away from the rest of the network, and are
> outfitted with TCP/IP stacks. Worse, most of them run ancient and
> arcane network services, were never deployed in a hardened fashion,
> and are administered by system operators who have no clue about
> security or the need for it. Some of these guys are living in a
> fantasy world where they think the only threats out there are viruses
> and worms which target Windows PCs, and equate that to the belief that
> they're free from threat of compromise. For many of these systems, I'm
> of the belief that the vendors themselves have no idea the security
> risks that the platforms can face and I suspect that they are so far
> behind more modern platforms that an endless supply of vulnerabilities
> would be discovered if researchers cared more about them.
It depends on the ROI.
If the computer stores high value data then it will be a target, otherwise not.
If there is a high inventory of a particular system then it will get targeted,
otherwise not.
I don't worry. No high value data to steal and a low volume inventory OS. Now
if your profile does not match mine I agree you should be worrying about your
computer security.