[Gllug] Clueless sysadmins
Rev Simon Rumble
simon at rumble.net
Thu Jul 31 09:00:56 UTC 2003
On Thu 31 Jul, Simon A. Boggis bloviated thus:
> > little knowledge of such things as 'routing' and offer no default route.
>
> I've seen some windows-only places do that sort of thing as a "security
> measure" - no DNS, no default route, internet explorer talking to a
> cache, outlook talking to local mail server. Don't quite see what
> they're securing, given that two common vectors for getting hurt are:
Reminds me of when I used to work for a dot.bomb (now bombed, of
course) soon after the IPO. Our Windows-only sysadmins had blocked
outbound ssh. I asked the admin why and he told me they'd had an
outside security audit and the auditor had told them that outbound ssh
was a security hole. "Why?" I ask. "Can't tell you that, for
security reasons."
Oh well, so I trundle back to my desk, download a Windows port
scanning tool and do a full outbound port scan from inside their
network. Does my phone ring with a "WTF do you think you're doing"?
Course not, they didn't need to monitor the network because they'd had
a security audit.
Turns out, as a web agency, they had outbound FTP unblocked -- now
there's a secure protocol. So I just set up ssh at the other end to
listen on the FTP port. Problem solved.
And they wonder why they went bust... I won't start on their site
designs...
--
Rev Simon Rumble <simon at rumble.net>
www.rumble.net
"The ability to quote is a serviceable substitute for wit."
- Somerset Maugham
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20030731/2139615c/attachment.pgp>
-------------- next part --------------
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list