RE: Is VMS losing the Financial Sector, also?




-----Original Message-----
From: Arne Vajhøj [mailto:arne@xxxxxxxxxx]
Sent: July 4, 2007 6:31 PM
To: Info-VAX@xxxxxxxxxxxx
Subject: Re: Is VMS losing the Financial Sector, also?


[big snip ...]

Let us understand that out in the real world companies are moving
to Linux.

Absolutely. But let's not pretend that Linux is going to take over
the world and that serious IT shops will not soon realize the real
costs of adopting a platform that has 5-20 security patches released
each and every month.

Linux will not take over the world next year.

The patch problem is not really a problem. So do not expect that
to have any effect.


You are looking at this from a developer who wants to believe this perspective - not from a reality Operations view.

Most BUs do not care what the IT group uses as platforms, but they do expect that there will be slim to zero security issues, and for that these BUs and senior managers have near zero tolerance.

If a major breach is exposed or an incident happens because IT did not apply a known patch to a specific documented security issue, whose head do you think will be served up on a platter?

The Dev group? No.

The Operations group - you bet. Hence, the focus on security is always more prevalent from an Operations perspective than a developer's perspective.

And for those that think they can hide behind a good firewall and
not apply all these security patches, remember that 50-60% of all
security issues are internal related.

Yes.

And as I have already asked in another thread without getting
an answer: how many of those 50-60% use security holes in software?

Arne

As I mentioned in another thread, disgruntled employees using known passwords is only one small part of the problem. [Course, the password issues are worse on platforms that have all or user type environments, but that is another discussion.]

Re: software security - Well, what do you think trojans, worms, viruses on all those personal devices attack with?

They reside on laptops, PDAs, memory sticks, cell phones and whatever other personal devices are out there. They are all looking for known WS and server services exploits to attack. And most traverse external and internal networks all the time, which exponentially increases the chances of picking up some nasty bug.

Regards


Kerry Main
Senior Consultant
HP Services Canada
Voice: 613-592-4660
Fax: 613-591-4477
kerryDOTmainAThpDOTcom
(remove the DOT's and AT)

OpenVMS - the secure, multi-site OS that just works.


