[Dshield] Quiet secure mailbox

Mrcorp mrcorp at yahoo.com
Tue Mar 19 17:09:14 GMT 2002


The only 
> way to be "secured" is to keep yourself up to date with 
> patches,fixes,antivirus updates,and a steady supply of aspirin and 
> alka-seltzers

I was waiting for someone to say this.  Thank you!  I did a study on Operating Systems about a
month ago.  And I used NESSUS and NMAP to scan OS out of the box and with the latest patches.  The
scans were surprising on some machines.  Like SOlaris 8 and Windows 2000.  

The purpose of the study was to demonstrate that vendor patches dont always secure you, even if
they claim to.  Look at me NESSUS vs. SUN paper on mrcorp.net for an example of this.  The paper
is still being edited but the point is one that many people have agreed with.

Simply patching your system with the latest vendor patches isnt an answer to "are you secure?" 
Its a part of being secure, but should not be considered a solution to be secure.  Antivirus
programs are a aprt as well, as is a firewall and/or IDS.  

At SWG, we also had a poll recently that asked the question, do you harden your OS.  The response
was interesting and a question I think we should all ask ourselves.  Do we simply apply the latest
patches, slap on a firewall?  Or do we take the additional steps.

The OS Scan can be located at www.securitywriters.org.

mrcorp

__________________________________________________
Do You Yahoo!?
Yahoo! Sports - live college hoops coverage
http://sports.yahoo.com/




More information about the list mailing list