Re: Viva le Same! Linux

Subject: Re: Viva le Same! Linux
From: Andrew Plato <gilliankitty -at- yahoo -dot- com>
To: "TECHWR-L" <techwr-l -at- lists -dot- raycomm -dot- com>
Date: Mon, 30 Sep 2002 14:43:04 -0700 (PDT)


--- Jan Henning <henning -at- r-l -dot- de> wrote:

> > [Many statements unrelated to my argument.]
> > Windows can be secured. Very easily.
>
> No it can't. You may _believe_ that it is secure, but that is only
> because it is opaque to you - you simply confuse the lack of knowledge
> of any problems with the absence of problems.

I know it can be secured ... because that is what I do for a living, Jan. I
secure systems. See http://www.anitian.com/Corp/papers/Hardening_Win2k.pdf

I've secured the networks of over 50 different organizations ranging in sizes
from 10 systems to 50,000 systems, including one of the most secure areas in the
entire United States. And Windows is used in all these areas and we have been
able to secure it.

The first thing you learn when you start securing networks and systems is that
there are no absolutes. Everything is layers and factors of risk reduction.

And there are methods, tools, and technologies that allow you to determine, with
very great accuracy the relative security of a network. IDSs for example allow
the ability to very finely track access and misuse. These systems along with
vulnerability scanners, integrity tools, behavior monitors and many other tools
can tell you with exceptional accuracy, if a system is vulnerable or is being
attacked.

> A simple question: If Windows is so easy to secure and if security is
> the highest priority at Microsoft (as Bill Gates said it is), why then
> doesn't Microsoft do this easy thing?

They do. It just most people don't make security a priority. They TALK about
making security a priority, but then lack the skills, knowledge, resolve, etc. to
actually do anything about it.

Security is an inherently complex issue. It does not lend itself to simple
answers and quick "THIS ISN'T SECURE!!!" type solutions. There are numerous
interlocking layers of systems, processes, protocols...the list goes on and on.

And securing a network requires more than just technical skills. Just to tie this
all back to this list, my documentation skills have been immanently valuable in
my security career. Because I can communicate concepts and analyze complex
information.

Windows can be a secure platform. Its just not secure out of the box. But then
again - neither is RedHat, Suse, BSD, or anything.

Andrew Plato

__________________________________________________
Do you Yahoo!?
New DSL Internet Access from SBC & Yahoo!
http://sbc.yahoo.com


^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Experience RoboHelp X3! This new RoboHelp release combines single sourcing,
print-quality documentation, conditional text and much more, into the most
monumental release of RoboHelp ever! http://www.ehelp.com/techwr-l

Enhance, optimize and automate your FrameMaker-to-PDF workflow with TimeSavers:
Define all PDF features in your source FrameMaker files ONCE, distill MANY.
Bookmark Controller, Link Controller, UnBloat & more : http://www.microtype.com

---
You are currently subscribed to techwr-l as:
archive -at- raycomm -dot- com
To unsubscribe send a blank email to leave-techwr-l-obscured -at- lists -dot- raycomm -dot- com
Send administrative questions to ejray -at- raycomm -dot- com -dot- Visit
http://www.raycomm.com/techwhirl/ for more resources and info.



References:
Re: Viva le Same! Linux: From: Jan Henning

Previous by Author: Re: Viva le Same! Linux
Next by Author: Documenting complex tasks in Online Help
Previous by Thread: Re: Viva le Same! Linux
Next by Thread: RE: Viva le Same! Linux


What this post helpful? Share it with friends and colleagues:


Sponsored Ads