[Info-vax] "Shanghai Stock Exchange" and OpenVMS

Main, Kerry Kerry.Main at hp.com
Fri Jan 23 21:01:37 EST 2009 

> -----Original Message-----
> From: info-vax-bounces at rbnsn.com [mailto:info-vax-bounces at rbnsn.com] On
> Behalf Of Bill Gunshannon
> Sent: January 23, 2009 12:40 PM
> To: info-vax at rbnsn.com
> Subject: Re: [Info-vax] "Shanghai Stock Exchange" and OpenVMS
> 
> In article <dLKdndB9ef0mYOTUnZ2dnUVZ_tPinZ2d at giganews.com>,
> 	"Richard B. Gilbert" <rgilbert88 at comcast.net> writes:
> > Bill Gunshannon wrote:
> >> In article <00659a5f$0$10051$c3e8da3 at news.astraweb.com>,
> >> 	JF Mezei <jfmezei.spamnot at vaxination.ca> writes:
> >>> Bill Gunshannon wrote:
> >>>
> >>>> We wre talking about systems in corporate situations run by
> supposed
> >>>> professionals, not "your momma's PC", remember.  If they don't
> know
> >>>> how to set up a secure system and don't know where to find the
> info
> >>>> they belong on the breadline and not in the corporate datacenter.
> > <snip>
> >>> It is relatively easy for a geek to secure his windows desktop. Not
> so
> >>> easy for a large corporate network with thousands of workstations
> to
> >>> roll out a new patch across its network.
> >>
> >> It is much easier than you think. If the boxes are set up properly
> and,
> >> in a corporate network, that is not as hard as some would have you
> think,
> >> most of these threats become a much lower precedence for concern.
> 
> >> would suggest that anyone doingt his for a living needs to do a lot
> >> more of that professional development and self-study that is what
> >> sepatrates us from the geeks.  Start with learning about something
> called
> >> "Defense in Depth".
> >
> > "Secure PCs" can be produced and reproduced quite easily.
> >
> >   You set up one box correctly and then clone it.  There is a way to
> > alter the ID of the machine so that the clones have unique IP
> addresses!
> > ISTR that we had a "Standard Load" for PC's and a box that cloned
> disks.
> 
> Yeah, that's one way to do it.  That's why people buy Ghost (which I
> have
> used both here and in my other job quite a bit.)  But it is certainly
> not
> the only way.  Of course, people here will tell you that there is no
> way
> to make that first Secure PC Image.
> 
> bill
> 
> --

Ok, so a "IT Professional" with all sorts of time to spend reads all the
latest NSA and DISA guides, then makes a secure Wintel image with all of 
the known IE and activex patches published to date.

Great, now this IT Professional rolls that image out to a few hundred 
desktops and/or servers.

Oops - patch tues for this month says another serious IE and/or activex
issue is found which allows you to exploit a PC or server running this
service.

Now - is that "secure" image still considered "secure"?

Oops - a few Wintel servers or PC's get exploited using one of this months
published exploits.

Using your logic, this is obviously the fault of the "IT Professional" for
not properly locking down all the PC's and servers against this months 
5-20 security patches.

????

Regards

Kerry Main
Senior Consultant
HP Services Canada
Voice: 613-254-8911
Fax: 613-591-4477
kerryDOTmainAThpDOTcom
(remove the DOT's and AT)

OpenVMS - the secure, multi-site OS that just works.

More information about the Info-vax mailing list