
How to Instill Proper Paranoia

An AC sends in: "Those guys at O'ReillyNet are teaching sysadmins to be paranoid."

  • Listen, if you're really paranoid about security, or even just responsible, you would not be running a public web server on IIS5 at this point in time.

    Even IIS4 is only just getting to the point where it can be considered reasonably secure, although you have to apply various security patches over and above the last service pack to get it to that point.

    I can just hear the wannabes saying "but IIS5 is what comes on Win2K! We can't run IIS5!" Simple answer to that: don't run Win2K on public web servers, either! If you have to run a closed source, Microsoft web server, run IIS4 on NT4. After IIS5 has been out for another year or so, once most of the security violations have been found and patched, then you can start considering migrating to it.

    If you're not that patient, switch to a nice stable version of Apache. You know you want to.

  • From the article:
    • ...User education is a wonderful thing. The junior system admins understand a little more deeply why security patches must be applied immediately -- a little reinforcement never hurts. Some non-technical people understood why, exactly, the senior system administrator frequently had his teeth clenched and a spastic twitch in his left eye. Plus, they understood the importance of security patches. The next time I inconveniently "down" a server to apply a security patch, there won't be nearly as much grumbling.

      Oh, wait a minute. I won't be taking down the server. That's what the ex-trainee is for. Maybe I can give him the spastic eye twitch, too.

    Clenched teeth... uncontrolled, spastic twitching... perhaps even a good bout of Tourette's syndrome!

    The BOFH [theregister.co.uk] lives... and he's contagious!

  • Bah!

    apt-get install proper-paranoia

  • Russell Brand has a role-playing game for system admins. The game would have each person in the security class be the sysadmin of a single system, and it was that person's responsibility to (a) keep the system from being cracked, (b) keep the users from cracking the sysadmin, and (c) keep the boss happy.

    I won't go into any details because for the three years he presented this game at a conference I attend, the scenarios were completely different. But I will give you some insight into why the game was very, very good:

    1) It was possible (although very, very unlikely!) that a system could chug along without ever being attacked.

    2) The game was constantly being updated based on the latest attacks common on the Internet. In other words, each attack scenario was based on a real-life crack.

    3) Russell showed us that it was possible to foil the attackers without being killed by the users, even in a worst-case scenario.

    4) You gain a healthy respect for a pair of dice controlling your life.

    Sadly, I've not heard of this game being made available in the past few years. I'll have to check to see what the status of the game is; if there is a version you can "play" on the net, I'll post the fact somewhere.

  • Easy:

    rpm -i ProperParanoia_0.1.rpm

    (Sorry, I read the headline as "How to install ...")
    ;-)
