Security Pros Bemoan the Need for Focus

CmdrTaco posted more than 9 years ago | from the thinking-one-step-ahead dept.

Security 62

Ant writes "Computerworld has an article about more proactive initiatives falling by the wayside. Operational and tactical considerations continue to dominate the IT security agenda, despite a growing need for more strategic approaches to data protection."

I'll see that... (0)

Anonymous Coward | more than 9 years ago | (#10813144)

and raise you an exponential synergy of consolidation and facilitation.

It sounds like (-1, Redundant)

Anonymous Coward | more than 9 years ago | (#10813146)

They need some synergy.

Giving Up (5, Interesting)

Anonymous Coward | more than 9 years ago | (#10813149)

Some people I know are so fed up of the state of internet security (viruses, trojans, spyware, spam, etc.) that they are actively considering disconnecting their main systems from the internet altogether and only using a dedicated machine for access.

Shame that security has got so bad where people are now retreating from public networks. If that's now in 2004, what's it gonna be like in 10-15-20 years from now? I shudder to think.

Re:Giving Up (-1, Troll)

Rosco P. Coltrane (209368) | more than 9 years ago | (#10813188)

they are actively considering disconnecting their main systems from the internet altogether and only using a dedicated machine for access

They should also consider going off the power grid and start using oil lamps and petrol space heaters. Never know where those 3vi1 h4x0rs might hit you from...

Re:Giving Up (2, Interesting)

digitalsushi (137809) | more than 9 years ago | (#10813214)

I'd have to ask why a company's main systems are online at all. I was disturbed to learn my bank's accounting system is online. Why should it be? I asked them. They said they didn't need it to be, it was just that they have only one network. Oh, good.

Re:Giving Up (1)

Cederic (9623) | more than 9 years ago | (#10818110)

At the company I work for:

- We have multiple websites selling direct to the customer
- The websites all connect to our back-end inventory system
- Some websites connect through to a bank to process credit cards
- Some websites connect through to a fulfilment system (others rely on the inventory system's connection to a different fulfillment system)
- The call centre apps connect to the same inventory and fulfillment systems
- A shop network connects through to the same inventory and fulfillment systems
- Various back-end systems connect to all these systems to provide MI and financial reports
- Those back-end systems connect to the accounting system to provide comparison info
- The accounting system is connected to the credit card payments systems via the bank

So either we don't provide websites, or we don't link those websites to our existing systems (which, given we're selling a limited resource, would prevent us accurately knowing our inventory available to sell), or we don't take payment online, or we end up with a navigable link from Internet to Accounting system.

Having said that, there are firewalls, switches, various independent networks (isolated by more firewalls and switches), etc.

It's a trade-off between risk and enabling the business. We have minimal risk from our current set-up, and it vastly improves our ability to generate turnover and earn income.


Re:Giving Up (1)

davesplace1 (729794) | more than 9 years ago | (#10813250)

It is a bad sign, hopefully things will get better or we will be living in a non Microsoft world.

Re:Giving Up (2, Interesting)

phillymjs (234426) | more than 9 years ago | (#10813334)

things will get better or we will be living in a non Microsoft world.

I think you misspelled "and."


Re:Giving Up (1)

Tony-A (29931) | more than 9 years ago | (#10813520)

I think you misspelled "and."

Nope, the or is correct.

"things will get better"
[ of their own accord, which if the above comment on the bank which has its accounting system online because "they have only one network" is at all indicative of the state of affairs, just is not going to happen.]


"we will be living in a non Microsoft world"
[ the only viable recourse if things do not get better on their own. ]

[ and then ] things will get better.

Re:Giving Up (2, Interesting)

mordors9 (665662) | more than 9 years ago | (#10813533)

You can't really blame them for giving up. Lawsuits are going to get worse against companies that get hacked and private information gets out on the internet. It also seems like the nature of people on the internet has changed. It used to be that most of the geeky types that tried to hack a box did it just for fun. We would get in just to see if we could, then maybe leave a note to the Sysop that his system was open. Oftentimes he didn't change anything because he didn't care as long as no one screwed anything up. Now it is all different. There are thousands of script kiddies using scripted tools to hack a box or making slight alterations in virus source code, so they think they are the next phenom. At the same time companies don't want to spend the money to hire competent people to administrate their networks and systems. They apparently think it is cheaper to just retreat from the internet.

Ant is in management (0)

Anonymous Coward | more than 9 years ago | (#10813163)

Right? Because who else would write a summary like that.

sounds reasonable to me (4, Interesting)

digitalsushi (137809) | more than 9 years ago | (#10813171)

I am a sysadmin, a poor one, and I can definitely say I could spend 100% of my time trying to patch holes and cracks in our system and still not have enough time left over. And I have a sneaking suspicion that someone who knows what's going on could redo our environment entirely such that I wouldn't have to. What an unfortunate thing! I don't even know what I'd do with all those extra resources freed up. I think our company had something to do with turning profits, long ago ...

Re:sounds reasonable to me (0)

Anonymous Coward | more than 9 years ago | (#10813199)

I could spend 100% of my time trying to patch holes and cracks in our system and still not have enough time left over

100%-100%=0% time left. Yep, sounds about right...

Re:sounds reasonable to me (3, Interesting)

Spoing (152917) | more than 9 years ago | (#10813665)

I am a sysadmin, a poor one, and I can definitely say I could spend 100% of my time trying to patch holes and cracks in our system and still not have enough time left over. And I have a sneaking suspicion that someone who knows what's going on could redo our environment entirely such that I wouldn't have to. What an unfortunate thing! I don't even know what I'd do with all those extra resources freed up. I think our company had something to do with turning profits, long ago ...

Security is tough...though doable. The general idea is to secure your systems well enough so that if a new exploit occurs it is difficult to impossible for the exploit to impact your unpatched systems.

General tips;

  1. Simplify; run only what you absolutely need on any system. Remember that even simple programs have been exploited in the past so don't fall into the "that's just a harmless ________" trap.
  2. Isolate; don't just keep minimal systems exposed to the internet, keep all systems visible on a 'need to know' basis. If the database server only talks with the intranet web server and the accounting database, make it so only those machines can see the database. If something breaks, or a developer needs access, either change the router or treat the database as a remote resource and have the group use an SSH tunnel.
  3. Automate; whatever can be automated, automate. Keep in mind that updates can break systems in some way, though focused patches tend to be fairly harmless. Have rollbacks enabled so that any damage can be reversed without resorting to backups. (You do back up everything, right? Nightly incremental backups + occasional full backups.)
  4. Hire me; I'd be glad to charge, er, help you out with this. Reasonable fees and all that.
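
An added example, not part of the original thread and not any commenter's code: the "Isolate" tip above, together with the earlier point in the thread about a navigable link from the Internet to the accounting system, written as a check over a need-to-know policy. Host names, ports, the policy and the log format are all constructed for illustration.

```python
from collections import deque

# Constructed need-to-know policy: (source, destination, port) triples that the
# firewall/router permits. Host names and ports are hypothetical.
ALLOWED = {
    ("internet", "public-web", 443),
    ("public-web", "inventory", 8443),
    ("call-centre", "intranet-web", 443),
    ("intranet-web", "inventory", 8443),
    ("intranet-web", "database", 5432),
    ("accounting-db", "database", 5432),
}

# Constructed connection log in a made-up "SRC= DST= DPT=" format.
SAMPLE_LOG = """\
10:02:11 SRC=intranet-web DST=database DPT=5432
10:02:15 SRC=accounting-db DST=database DPT=5432
10:03:40 SRC=dev-laptop DST=database DPT=5432
10:04:02 SRC=public-web DST=database DPT=5432
10:05:19 SRC=intranet-web DST=database DPT=22
"""


def parse_log(text):
    """Turn each log line into a (src, dst, port) triple; skip malformed lines."""
    flows = []
    for line in text.splitlines():
        fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
        try:
            flows.append((fields["SRC"], fields["DST"], int(fields["DPT"])))
        except (KeyError, ValueError):
            continue
    return flows


def violations(observed, allowed):
    """Observed flows that the need-to-know policy does not permit."""
    return [flow for flow in observed if flow not in allowed]


def direct_sources(target, allowed):
    """Hosts the policy lets connect straight to target."""
    return {src for src, dst, _port in allowed if dst == target}


def path_to(target, allowed, start):
    """Shortest chain of permitted connections from start to target, or None."""
    neighbours = {}
    for src, dst, _port in allowed:
        neighbours.setdefault(src, set()).add(dst)
    queue, seen = deque([[start]]), {start}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        for nxt in sorted(neighbours.get(path[-1], ())):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None


if __name__ == "__main__":
    for flow in violations(parse_log(SAMPLE_LOG), ALLOWED):
        print("not permitted:", flow)
    print("direct:", sorted(direct_sources("database", ALLOWED)))
    print("internet path:", path_to("database", ALLOWED, "internet"))
    # One convenience rule is enough to create a multi-hop route.
    widened = ALLOWED | {("public-web", "intranet-web", 443)}
    print("after extra rule:", path_to("database", widened, "internet"))
```

The direct check shows who can see the database; the path check shows whether a chain of individually permitted connections still links it to the Internet, which is the trade-off the earlier comment describes.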

BUSH IS A MURDERER (-1, Offtopic)

origen_oscuro (827982) | more than 9 years ago | (#10813178)

Nearky 100'000 persons murdered in 5 days! Now they has been "liberate". George W. Bush is like Adolf Hitler: a genocide and a mad man and nothig better.

Re:BUSH IS A MURDERER (0, Offtopic)

Anonymous Coward | more than 9 years ago | (#10813221)

Nearky 100'000 persons murdered in 5 days! Now they has been "liberate". George W. Bush is like Adolf Hitler: a genocide and a mad man and nothig better.

Looks like grammar teachers has liberate you too soon and nearky nothig good came out of it...


Anonymous Coward | more than 9 years ago | (#10813530)

Dude. I don't doubt that bush is an idiot and that he lied about the reasons for the Iraq war but at the same time you're not much better. After all, you're lying about your figures eh?

And after all, at least bush removed an obviously evil dictator. No mercy for Saddam!

Confidence interval super-wide (0)

Anonymous Coward | more than 9 years ago | (#10815630)

If you're referring to the story in "The Lancet", the confidence interval was ridiculously wide.

News For Nerds (1)

bushboy (112290) | more than 9 years ago | (#10813195)

It is what IT is.

Is this the right use of the word 'bemoan'? (4, Interesting)

Dixie_Flatline (5077) | more than 9 years ago | (#10813252)

It sounds like security professionals are annoyed that they have to focus on anything. Wouldn't a more accurate headline be

"Security Professionals Bemoan Lack of Focus"?

Right now, it just sounds like security pros are whiny babies that don't want to do their jobs.

Re:Is this the right use of the word 'bemoan'? (1)

Vicsun (812730) | more than 9 years ago | (#10813319)

Stop bewhining!

Re:Is this the right use of the word 'bemoan'? (1)

kfg (145172) | more than 9 years ago | (#10813394)

Right now, it just sounds like security pros are whiny babies that don't want to do their jobs.

Gee, thanks a lot. For the rest of the day my tongue is going to hurt.


Re:Is this the right use of the word 'bemoan'? (2, Informative)

Tom (822) | more than 9 years ago | (#10818447)

Right now, it just sounds like security pros are whiny babies that don't want to do their jobs.

As a security professional, the fact of the matter is that more often than not the company doesn't let me do my job. Cost isn't even the main issue - understanding is.

If you think about moving into the security area, realize one thing: Half of your time will be spent convincing management that the other half is really necessary, and two thirds of that other half are dealing with either decade old issues (no encryption, weak passwords, not updated machines) or user stupidity (sharing passwords, disabling security features, not following procedure).

The sixth or so that's left is pretty thrilling, though.

Re:Is this the right use of the word 'bemoan'? (1)

Dixie_Flatline (5077) | more than 9 years ago | (#10819577)

I'm not really trying to imply anything about you as a professional. I'm just complaining that using the word 'bemoan' in that manner gives the misleading impression that security pros wish that they didn't have to focus and get the job done. I think whoever wrote the headline didn't really know how to use 'bemoan', but heard it somewhere and thought it sounded good. :P

Re:Is this the right use of the word 'bemoan'? (1)

Tom (822) | more than 9 years ago | (#10827973)

As a non-native English speaker, I might not give words the same weight as you do, as long as the content is clear enough. :)

I call shenanigans (3, Funny)

Boss, Pointy Haired (537010) | more than 9 years ago | (#10813282)

"Issues such as network access control, intrusion detection, network operations and help desk functions can take up much of a security staff's working hours", said Popinski.

I think this guy's just pissed that he doesn't have enough time to surf Slashdot at work.

Re:I call shenanigans (0)

Anonymous Coward | more than 9 years ago | (#10817579)

In other news, zookeepers bemoan the fact that cleaning up shit and feeding and bathing the animals takes up most of their working day.

Java WebStart apps - free from viruses/spyware (2, Interesting)

MarkSwanson (648947) | more than 9 years ago | (#10813289)

The Java Web Start sandbox environment may be a bit too limited for some applications, but it is secure and more applications are being written for it all the time. Sun is also improving it with every release. In this environment you don't have to trust the code, or the software vendor wrt manipulating your hard drive, network interfaces, keyboard, or even the clipboard.

For more secure Java Web Start info: []

Re:Java WebStart apps - free from viruses/spyware (1)

TheRaven64 (641858) | more than 9 years ago | (#10813323)

I am really impressed by JWS. I clicked on a link to a JWS app the other day, and it downloaded and ran (safely, in a sandbox) with no more interaction (on a Mac. I've not tried it on other platforms). The app itself didn't even come close to conforming to the platform's HIGs, but the deployment technology was very impressive.

Re:Java WebStart apps - free from viruses/spyware (1)

Phragmen-Lindelof (246056) | more than 9 years ago | (#10816378)

Considering Sun's opinion of FOSS (... What is Sun's opinion of open source? It is not 100% support of FOSS; maybe 30% support?? ...), I have trouble trusting anything related to Sun. What patents do they hold? When will they spring something on "us"?
I would just as soon see Sun die. (If I could trade DEC for Sun, I would do so in a nanosecond. I don't know how far out of date is Alpha development, but with Intel, etc. hitting the wall w.r.t. single cores, I wonder if smart, rather than just fast and dumb (e.g. P4), CPU design would still be better.) HP is probably on a five year death march; they will misuse their DEC assets, milk COMPAQ over the short run, follow their great LEADER's instructions and die in front of all of us.

Re:Java WebStart apps - free from viruses/spyware (0)

Anonymous Coward | more than 9 years ago | (#10818241)

Microsoft bashers turn your eyes away now...

OK, the two of you left -
AFAIK this is what the .NET framework 'managed code' stuff is meant to give you. I have no idea how the current WebStart implementation measures up with the current .NET 'managed code' implementation, I just wanted to point out it's not a unique idea. I doubt MS or Sun came up with the original idea anyway.

Less tactics, more strategy! (0)

_iris (92554) | more than 9 years ago | (#10813293)

My thesaurus lists "tactics" as a synonym for "strategy."

Re:Less tactics, more strategy! (1)

TheRaven64 (641858) | more than 9 years ago | (#10813333)

My thesaurus lists "tactics" as a synonym for "strategy."

Then you need a new thesaurus. Tactics refers to planned operation activity in the short term and usually in a small area. Strategy refers to a broad overview of planned activities.

Re:Less tactics, more strategy! (1)

jesser (77961) | more than 9 years ago | (#10815103)

I think I understand the distinction between "tactical" and "strategic" now, but what is "operational"?

From the manual: (1)

GQuon (643387) | more than 9 years ago | (#10815650)

"[The operational level] is the link between strategy and tactics. Action at the operational level aims to give meaning to tactical actions in the context of some larger design that is itself framed by strategy."

computers as appliances? (1)

bagel2ooo (106312) | more than 9 years ago | (#10813298)

I've been thinking about this quite a bit. I know that there are a ton of unscrupulous businesses and persons out there releasing spyware/malware and spamming, et al. In addition to that, I can't help but think that a lot of issues people have is that they treat computers largely as they would an appliance. It does some specific tasks and should continue to do so with as little human intervention as needed, at least in their eyes. When people realise that computers take a bit more commitment and dedication to run properly and even remotely secure things may start to improve.

Re:computers as appliances? (1)

Blackknight (25168) | more than 9 years ago | (#10813342)

That's the problem, computers are too complicated for ordinary users. Unless you spend hours and hours locking things down then your system will be vulnerable.

You shouldn't need a degree in network security in order to connect to the internet, but unfortunately that's the reality.

Also, a lot of people that own computers never use them to their full potential. If all you need is a word processor, then buy a word processor.

Re:computers as appliances? (1, Informative)

Anonymous Coward | more than 9 years ago | (#10813846)

You shouldn't need a degree in network security in order to connect to the internet

In a sense, you should. The Internet is just a means of routing packets. Clearly, it can't provide security between you and some other system.

That other system might be benign, or it might have every intention of attacking you if you give it the slightest chance. So, who's responsible for making you safe when you connect? You are, inevitably.

It would help a lot if you were able to choose a system which is secure by default and ideally there would be an international certification for rating its effectiveness. Then, as a consumer, you could just go out and buy the product appropriate to your needs, as if it were an appliance.

Bear in mind that an ordinary appliance only has a very small number of controls on it. It's therefore both good and bad to think of making a computer system appear more like an appliance. With a vastly reduced configuration space, such systems would be easier to test and certify, but in that form they would likewise have a relatively limited range of functions.

Re:computers as appliances? (0)

Anonymous Coward | more than 9 years ago | (#10817906)

It doesn't help when folks can walk into BestBuy and purchase a single carton containing a Compaq presario or HP pavilion, when they sit on the shelf right next to the microwaves and telephones. How can a consumer be expected to treat them as anything EXCEPT a simple appliance ?? Okay, the box was a little bit larger than the telephone next to it, but the salesman said "just take it home and plug it in" !

A serious issue... (2, Insightful)

beaststwo (806402) | more than 9 years ago | (#10813364)

I've been working with medical research organizations that are having to deal with 21 CFR Part 11 restrictions on restricting access and ensuring data integrity as part of the FDA process for clinical trials. It is a much more strategic approach than the traditional "patch and fix" approach taken by other IT organizations I work with.

When I first saw the FDA requirements, I was horrified, but after thinking about it a while, I started wondering why all systems don't take this kind of approach.

It comes back to the old "when you're up to your ass in alligators..." problem. If you can deal with some issues on a more strategic level, you can try to design many of the day-to-day problems out of the system, allowing sysadmins to spend less time fixing the same problem over and over again.


RMH101 (636144) | more than 9 years ago | (#10818665)

it's all related to the original Good Manufacturing Practise processes. pros - our implemented stuff is *bulletproof* and identical down to LRF* level on the boxes. cons? what might take an afternoon on an unvalidated system can bloat out to a month's project under GxP.
i think that any system that has serious potential for abuse should go under similar levels of attention to detail: whether it's financial or contains significant personal details.
however, try convincing big business they need to spend the time and effort - unless you've got a heavy-duty regulatory authority like the FDA telling them it's got to be done that way, it won't be.

* Little Rubber Feet

More of a strategic planning process.... (4, Informative)

Proudrooster (580120) | more than 9 years ago | (#10813399)

"What's really needed is more of a strategic planning process that involves business executives and technologists," Spinelli said. Instead, security managers all too often offer "nothing by way of a long-term strategy" for IT security.

In just the first two paragraphs alone I was able to fill up my BULLSH*T BINGO card. Let's see if I can write a useless statement containing lots of buzzwords. What's really needed is a short term strategy with long term synergistic goals that transcend all layers of the organization and implement proactive world-class security. Yep, I still got it.

Just think, if executives had more of a strategic planning process for the business in general, then US companies might be healthier and stronger, instead of sacrificing the future for short-term profits.

I guess it is just a slooooow news day.

Re:More of a strategic planning process.... (2, Insightful)

eyepeepackets (33477) | more than 9 years ago | (#10813478)

"sacrificing the future for short-term profits"

But, but...that is the strategy.

Dude, I'd give you a free clue but you have to be able to hold it first. *bonk*

What's really freaking sad... (0)

Anonymous Coward | more than 9 years ago | (#10813588)

that I fought the establishment and refused to move our school from Mac to Windows. The few PCs we do have are running Fedora. While other schools in our area are having entire outages and needing their entire infrastructure locked down and cleansed, in the past 4 years we have NEVER had a security breach of any workstations or servers. Yet we are under pressure CONSTANTLY to give up on Apple and move to Windows for lame "standards" reasons.

You want focus, here's your focus:
http: //

I know I'll probably get modded a troll, but if you want a trouble free network/infrastructure, switch to Mac or at the very least Linux.

Need for Focus? (0)

Anonymous Coward | more than 9 years ago | (#10813648)

"Security Pros Bemoan the Need for Focus" ?

We've got SecurityFocus remember?

Am I the only one (1)

jcuervo (715139) | more than 9 years ago | (#10813725)

who hates the word "proactive"?

Yesterday's battles (1)

wombatmobile (623057) | more than 9 years ago | (#10813752)


"We're still fighting a lot of yesterday's battles," said Fred Trickey, information security administrator at Yeshiva University in New York.

Yeah, all the new battles go to the guys with good names, like Batman, The Riddler and Dick Tracy.

Security Pros are between a rock and a hard place. (3, Insightful)

RancidPickle (160946) | more than 9 years ago | (#10813792)

The Security Pros are in two camps right now - reactive and proactive. My belief is that proactive may be the philosophically better choice, but the reactive is the modern-day way of life.

Security has always been the bastard stepchild of the IT world. Nobody wants to spend any money or time on it, but it is the biggest reason why networks fail. It's akin to buying insurance for your network. While some high-end gurus want to come up with methods of protecting networks on a high-level, the folks who are writing virii and spyware are working on new methodologies to counteract the standards. Compare this with the way battles were fought during the American Revolution - the British lined up in neat rows, and some American snipers hid in the surroundings. The British bemoaned the tactics, and were generally unable to understand or cope with the revolutionaries who "didn't fight fairly". The end result was Britain was defeated, and having general proactive security plans will also get defeated because the 'bad' coders don't play by the rules.

What may be a good idea is to train and develop more folks who look for security holes and spyware methods and plug them before they get exploited. Anti-spyware and anti-virus companies could do it, and they could use it as a marketing tool (Our new update protects against the IE URL buffer overflow hack!). Companies like MickeySoft can invest some of that capital they have lying around under their couch cushions to either promote (or buy) an AV company, and it would allow M$ to get exploits identified quicker, and perhaps hush the chatter on how hole-y their software is by fixing those holes before they become public.

So, like the rest of the IT world, I have to go on, day after day, reacting to any new threats that show up on my virtual doorstep. For most admins and security folks, that is their focus. When companies go down for lack of vigilance, their competitors will begin to see the use of having trained folks on-site to watch their backs.

Proactive vs Reactive (1)

BobSutan (467781) | more than 9 years ago | (#10814022)

Most PHBs misunderstand the results of proactive security, mainly because proactivity breeds less tangible results (because the attacks are mitigated before they do any damage). In the case of a successful security breach the damage is seen, counted, and monetary losses to the company are estimated. For example, when a virus hits and the IT guys are scrambling, the monetary losses are itemized and quantified. If the network is secured and nothing happens the IT folks can't claim one way or the other about how much money they just saved the company from reactionary tactics of such an attack, despite how much you may try. It's scary how many people would rather have the "warm-fuzzy" that their money is being used for something they can actually see. I think their thinking process goes a little something like this:
"Phantom security? Bah! Why put up money that may or may not protect us when we can see actual results of the money spent by watching the workers that have to stay late to disinfect the servers and workstations." Yes it's a screwy analogy, but it's really that simple in a lot of cases.

Then start buying AMD Athlon 64's! (2, Interesting)

Brian Stretch (5304) | more than 9 years ago | (#10814032)

They could at least stop buffer overflow attacks by using AMD Athlon 64 CPUs ("Enhanced Virus Protection" as marketing says). And cut their electric bill. But noooo, they keep buying the overpriced Intel-based blast furnaces that Dell sells them.

It won't make Windows secure, but it might free up enough time for strategic thinking. Then again, so would doing IT development in-house rather than cleaning up outsourced disasters...

Service Pack 2? (2, Interesting)

dshaw858 (828072) | more than 9 years ago | (#10814262)

I know that Microsoft isn't Slashdotters' favorite company, but I have to say that I think that Service Pack 2 will help security immensely. As has been said before, most Windows users are computer illiterate. SP2 gives users an enhanced layer of security (the XP Firewall, for example), and can really help the computer illiterate (that would otherwise be totally unprotected) secure themselves.

- dshaw

Re:Service Pack 2? (1)

RancidPickle (160946) | more than 9 years ago | (#10816072)

SP2 was a great idea, but it was poorly implemented. It caused almost as much havoc as the Netsky worm. I have several clients that had their systems set up to automatically load and install SP2, and they found themselves without viable machines the next day.

One instance involved a gent who was using WinXPPro to serve out a cash register and inventory system for his store. He only had four machines, and it had been working fine for over a year. After SP2 was autoloaded, everything stopped working, from Quickbooks to his cash register system to Norton Internet Security.

I had to go in and poke around - there were workarounds for Quickbooks and Norton, but not for his cash register program. I had to uninstall SP2, fix the issues that popped up from that evolution, uninstall Norton AV the hard way and reinstall it (and it turned out he did have Netsky and Klez - his LiveUpdate was damaged and his def file was from March 2004).

Overall, two hours of work at $125/hr, plus I threw in some training on updating his AV and ran a spyware remover.

If M$ had done their homework and worked with the major SW vendors, this could have been avoided to a large extent. It would have been a better idea to incorporate updates loadable by Windoze Update, like some major hardware manufacturers do.

Re:Service Pack 2? (1)

dshaw858 (828072) | more than 9 years ago | (#10816380)

I'm not saying that SP2 is a golden gift from heaven, and yeah, it does bring a lot of trouble. But, for users that don't do so much as install a firewall or anti-virus, SP2 will make them more secure. I think that this will be shown more when users start buying machines with SP2 already installed, as opposed to updating from an SP1 machine.

- dshaw

Re:Service Pack 2? (1)

Phragmen-Lindelof (246056) | more than 9 years ago | (#10817310)

What about this [] ?

Maybe "business users" need to learn... (1)

GileadGreene (539584) | more than 9 years ago | (#10814476)

Security practitioners need to learn to speak the language of business users and try to understand the kinds of problems they're facing, according to Roger Fradenburgh, a consultant at Greenwich Technology Partners Inc. in Boston.

[sigh] Why is it always the case that [insert random technical speciality here] has to "learn to speak the language of business users"? Technical language exists for a reason: more precise expression of problems and solutions. If business users can't even "speak the language", how can they express their problems, and more importantly, how can they even begin to understand the issues involved in implementing the solutions to their problems. In fact, if they don't "speak the language" then they're unlikely to understand that security (or whatever other speciality we're talking about) is an issue at all. Which might explain some of the problems we're having these days.

Note that I'm not saying that said business user has to be an expert in the field of security or anything else. But they should be at least conversant with the basic issues involved, and aware of what kind of questions they need to be asking. I have led several design teams involved in developing extremely cross-disciplinary products. I wouldn't claim to be an expert in any of the specific disciplines (otherwise I wouldn't need the team, would I), but I at least made the effort to understand the disciplines well enough that I could "speak the language" and ask the right questions, and make informed decisions based on the answers I got. By the same token, if I was running a business I'd make damn sure that I understood enough of each of the elements of my business (including security if that was an issue) that I could ask good questions, understand the answers, and make decisions based on those answers. How can "business users" make decisions if they don't understand what they're deciding?

End of rant -- thanks, I feel better now...

Re:Maybe "business users" need to learn... (0)

Anonymous Coward | more than 9 years ago | (#10815412)

I can only agree. It's sort of like asking a jet turbine engineer to "speak the language" of a tourist heading to Cancun.

Yes, the tourist is spending money on air travel, and therefore ultimately paying for turbine engineering. Indirectly, that entails a whole variety of plausible goals, for example low fuel consumption, low noise, low rate of turbine failure, low mean time to repair, and so on. But really, "speaking the language" of the tourist is not a remotely useful way to set these goals against the myriad constraints of turbine design.

In my experience, the "language of business" is identifiable, in its present fashion, by the high proportion of sentences which begin with I want. This is no way to start a dialogue. Business in a technical era requires the willingness and intelligence to engage with technical issues. If your attitude is just to say "I want" more loudly, you're in the wrong business.

You forgot to put in "paradigm" (1)

gomel (527311) | more than 9 years ago | (#10819596)

Dear CmdrTaco,

since when is marketing bullshit "news for nerds, stuff that matters"? :

"tactical"
"strategic"

You, The Editors, have been rejecting story submissions for much smaller sins.

strategic vs tactical (1)

sribe (304414) | more than 9 years ago | (#10821983)

Somebody needs to wake up and realize that these 2 words have very different meanings...