Greg,
We have the same problem. Last December we had a serious DoS
attack. Everybody (management) was pointing fingers at the DNS server
(which was a symptom). It seems that I was correct in my assessment
of the situation, that we were indeed the victim of a DoS attack.
Management doesn't want to see/hear about problems until a major
intrusion occurs, then it's too late.
I work for an agency of DoD, you would THINK security would be
extremely important (ha, ha). When you have management with a deeply
ingrained sense of touchy-feely horseshit (civilian and military orgs,
doesn't make any difference) you keep getting trounced upon and talk
to deaf ears.
By the way we don't have a firewall installed (yet!), that was put
on hold last September a week prior to deployment. I have had to
piece together a security posture using freeware from CERT, COAST and
other such places. And people wonder why I can't sleep at night!
Denny
Defense Distribution Center
New Cumberland, PA
email: dkeller @ ddc . dla . mil
Where's my valium!?
______________________________ Reply Separator _________________________________
Subject: Harsh Security audits?
Author: "Greg Collins" <gcollins @ dqisystems . com> at internet01
Date: 2/19/98 9:29 PM
All,
We recently completed an audit for a financial institution. After we turned
in our report we received word that the V.P. who commissioned the audit
would like us to "tone down" the report. He apparently thinks that the audit
was too harsh. I obviously have an opinion on this, but I would like to hear
your thoughts on the subject.
BTW, we found some very serious problems. Such as a UNIX machine accessible
from the Internet...NO FIREWALL or anything to stop an intrusion. Yes, it
was running a version of sendmail with known problems!
Thanks
Greg Collins
Data Quest Information Systems
gcollins @ dqisystems . com
"I have but one thing which cannot be taken from me, and that is my
integrity. It I must give up of my own will."