OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Gabor Tokaji (gtokajiEMSD.HU)
Date: Mon Aug 13 2001 - 23:01:34 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Moderator: I hope this will go thru. I think I represent the people who use
    the information, and not the ones who suppy it.

    ------------------

    all:
    here's my $0.02.
    It's obvious that what you are talking about is the representation of
    different interests in the industry. I'm just an admin, not even a
    super-skilled MCSE (especially not one of those that Steve talks about), but
    here's how things work here, and I would call it rather typical.

    1. install systems as current with verified and needed hotfixes, as
    possible.
    2. watch MS bulletins, watch bugtraq, etc. When receiving something relevant
    for the system, investigate. If any details are provided, verify if
    vulnerable. The more details the better, we do not have time to spend days
    on verification, we have our own business to run. If no details are
    provided, then it might take a lot of time to verify.
    3. if vulnerable, see patch or workaround.
    4. if details are provided, check if vulnerability is eliminated. Otherwise,
    pray.
    5. test our own applications if everything is ok.
    6. return to number two.

    Matter of fact, during the whole code-red issue, the single most useful
    thing for me, and a lot of fellow busy admins was the tool eEye created to
    test remote systems and whole networks for vulnerability. Even if it was
    something _very_simple_ to verify. It saved me hours, if not days, and
    that's what matters. If there were such tools available for other
    vulnerabilities (on time!), that definitely would be a service I'd pay for,
    even from my own pocket. Give me detailed description (how it works, what it
    uses, where exactly is the problem, what it breaks), give me a tool (command
    line, please!) to verify a system, and that's it, I'm your customer.

    Once again - I just want to protect the network I'm responsible for. I don't
    care about anybody else's. I don't have time to disassemble patches or test
    for known/unknown vulnerabilities. I just want to make sure the network is
    up, running, secure, and available.

    Thanks for listening, and all the best to you

    -Gabor

    _____________________________________________________________________
    ** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
    ** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
    SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net