[Dshield] What's wrong with this picture?

Gasper, Rick rjgasper at kings.edu
Fri Jan 31 02:47:20 GMT 2003

I see something from the other side:

MS gets blasted every time someone finds a way a hole in their software
(sometimes they deserve it and sometimes not). IF they took a more
proactive approach and scanned machines, then they could alert the admin
to patch. Imagine a popup box or an email or event log that shows that
patches are needed. 

I would prefer to use local tools such as baseline security advisor.
However, short staffed admin might like that kind of attention. It might
be easier to get downtime to apply patches.

In the education arena, you often have librarians doing the work of a sr
network admin. They may be great librarians but they are doing a job
that may be beyond them.

In other words, we may be seeing a change in the way Microsoft looks at
end user security.

Rick Gasper
Manager of Network Services
King's College 
Wilkes-Barre PA 18711
Phone: 570-208-5845
Fax: 570-208-5989
rjgasper at kings.edu

-----Original Message-----
From: Johannes Ullrich [mailto:jullrich at euclidian.com] 
Sent: Thursday, January 30, 2003 6:33 PM
To: General DShield Discussion List
Cc: johnh at aproposretail.com
Subject: Re: [Dshield] What's wrong with this picture?

> I think there was some confusion about whether the scanning would be 
> performed by a local tool, or from Redmond Central via the Internet.

good point. I would expect a local tool. Remote tools, while sometimes
easier to use, are usually less accurate. (lost packets, some random
firewall that just blocks the particular route ...)

jullrich at euclidian.com             Collaborative Intrusion Detection
                                         join http://www.dshield.org

list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:

More information about the list mailing list