[Dshield] Secure computing (was: Port 135)

Kenton Smith ksmith at chartwelltechnology.com
Sun Oct 27 20:19:10 GMT 2002

I can understand your logic to a point. This seems a bit like the John Wayne
approach to me. What about some kind of layered approach to security? Here's
where your argument falls flat to me:
Our opinion is that "Firewalls are for cowards".
A firewall will never save your ass if a
cracker really wants it.
If a cracker really wants it, nothing will save your ass. If a cracker
really wants it he is going to use things you don't even know about. What
about the newly discovered Kerberos flaw? How long does it take you to patch
something like this?
I'm not saying that your way of doing it is wrong, however to rule out using
something because "I don't need 'em", then your leaving yourself and you
users open. If there was a silver bullet we'd all be out of a job, but my
job is to make sure it doesn't happen to our company and I'm going to use as
many different means as possible to do that.

Kenton Smith

-----Original Message-----
From: list-admin at dshield.org [mailto:list-admin at dshield.org]On Behalf Of Jan
Sent: Saturday, October 26, 2002 3:51 PM
To: list at dshield.org
Subject: [Dshield] Secure computing (was: Port 135)

I will try to respond on all the comments that have been made.

First we are talking about Windows Message Service not MSN

The sum 10,000 was taken out of the air, but I believe it is
pretty accurate for the whole university. Our department have
5,000 users in the database. This incorporate old and present
students. At this moment we have about 1,200 active students, 300
Windows workstations, 50 UNIX workstations, 60 SUNRays (thin
client, UNIX), 25 UNIX servers and 3 Windows servers
(ActiveDirectory (under development), Ghost).

More information about the list mailing list