Security Basics mailing list archives

Re: Ten least secure programs


From: "Chris Berry" <compjma () hotmail com>
Date: Mon, 30 Jun 2003 15:43:03 -0700

From: "Roger A. Grimes" <rogerg () cox net>
Chris, most rational network administrators (or whatever you are) cannot
generally dictate by themselves what is and isn't allowed on "your network".
It's a business decision made by management after you've told them of the
risks of using such-and-such a program.

While that's usually true for already established systems, when you're setting up new capability, you often have the opportunity to recommend something. Also, I was trying to get a feel for items people would "keep a close eye on".

You may hate MS-Outlook

Yes, worst virus ridden buggy piece of filth ever written.

MS-Internet Explorer

I prefer Mozilla, but IE isn't that bad, which is why I didn't put it on the list.

but if your CEO tells you you have to support it, then
it's best to learn how to secure vs. just saying someone can't have it.

Well of course, but that's not what I was talking about.

All the programs you mention below can easily be made relatively secure by
following the vendor's recommended configuration settings and patches.

I disagree.

So, I wouldn't recommend telling any end-user
they can't use such and such...it's better to tell them (or mgmt), "you
should have it configured this way and use this patch mgmt tool" if you are
going to use that software package.

Users, yes I will tell them that. Management, well that's a whole nother story as we all know.

If you start working somewhere and they have a sendmail server, you may be stuck with it, but if they tell you to install an email server that's a different story.

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"Encrypt everything, and ask questions later."




