[Info-vax] Using VMS for a web server

Stephen Hoffman seaohveh at hoffmanlabs.invalid
Tue Jun 9 08:24:22 EDT 2015


On 2015-06-09 10:17:54 +0000, johnwallace4 at yahoo.co.uk said:

> There's a school of thought that says the only readily trustable LAN is 
> inside the server room.

Not if your network or server administrator has been phished.  Or if 
you're a target.

FWIW, US OPM reportedly had network intrusion probes active, and the 
intrusions and the data exfiltrations weren't detected.

Many sites aren't running any sort of monitoring.  Those sites have no 
idea what's happening on their networks.

> Also, the big difference between a web server and the other servers you 
> mention is complexity and ubiquitousness (and thus, frequently but not 
> always, scope for easy attacks). I don't know whether folk class that 
> as a fundamental difference, but I suspect it's often important.

When it takes ~3 minutes for one box to scan the entire active IPv4 
address space for open ports and to fingerprint for specific 
vulnerabilities, there becomes a different sensitivity to "scale" and 
"scope".  Those IPv4 scans are only going to get faster, though IPv6 
will ameliorate parts of that.  The malefactors also have access to 
effectively unlimited and distributed computing resources and 
networking bandwidth to poke at ports, too.


-- 
Pure Personal Opinion | HoffmanLabs LLC



