Here in Windowsville
How much harm comes of the anti-Windows bias in the world of security?
- By Dian Schaffhauser
The SANS Institute allowed me to attend a few days of its recent Orlando
conference. I chose an excellent two-day track on honeypots, taught by
Lance Spitzner, a security architect for Sun Microsystems, and Marcus
Ranum, founder and CTO of NFR Security. These two live and breathe honeypots.
If you’re unfamiliar with the concept, a honeypot is simply “a security
resource whose value lies in being probed, attacked or compromised.” It
might be used for commercial purposes (to gain knowledge to protect against
the newest attacks), or it might be used for research (to learn about
the psyche of the black hats).
Joke: Based on that definition, who’s the largest manufacturer of
honeypots today? Answer: Microsoft.
“Security Advisor” columnist Roberta Bragg has covered the topic in her
columns. What she hasn’t talked about is the pervasive anti-Microsoft/pro-Unix
bias that exists in the security community at large.
Joke: How do you set up a honeypot? Answer: Bring a Windows box online.
The jokes here were quite popular in my training session.
Alan Paller, the director of research at SANS, has proclaimed in the
past that the Microsoft certification program was to blame in part for
the spread of Code Red last year—for not requiring MCSEs to show competency
in security. (I must add, SANS offered a free class at that time to show
people how to patch their systems.)
It’s tough to pay attention to people who know their stuff yet hold you
in derision. But that’s what I’m suggesting you do.
Stephen Northcutt, also a principal at SANS, has begun warning that we
can expect a worm to surface that will take advantage of SNMP vulnerabilities.
This is our chance to prove that Paller’s judgment was a bit hasty. That
means applying patches or disabling SNMP on your Windows machines. It
also means securing your Cisco equipment, HP JetDirect firmware, network
management solutions, power monitors, security systems, and a hundred
other devices and programs that you take for granted but can’t do without.
The CERT advisory on this exists here: www.cert.org/advisories/CA-2002-03.html.
Then in July we’ll be hosting our own security training event, the MCP
TechMentor Summit on Security. Attendees will have the chance to watch
a Windows 2000 network (and its related components) become hardened, using
only what Microsoft makes available in its software and resource kits
and online. You’re all invited to try to hack into the system. Learn more
about that at www.techmentorevents.com/seattle/.
Here in Windowsville, we’ve made for an easy target when it comes to
security. So I invite Paller and Northcutt, experts whose knowledge has
been annealed on that other platform, to join us in Seattle and watch
the new breed of security experts in action.
Am I misguided in feeling like the skinny guy in the Charles Atlas ads
who has to eat sand? Tell me at [email protected].
About the Author
Dian L. Schaffhauser is a freelance writer based in Northern California.