From owner-freebsd-advocacy Mon Sep 25 11:57:22 2000 Delivered-To: freebsd-advocacy@freebsd.org Received: from pebkac.owp.csus.edu (pebkac.owp.csus.edu [130.86.232.245]) by hub.freebsd.org (Postfix) with ESMTP id AD75B37B42C for ; Mon, 25 Sep 2000 11:57:14 -0700 (PDT) Received: from owp.csus.edu (cxinax@[130.86.77.19]) by pebkac.owp.csus.edu (8.9.3/8.9.3) with ESMTP id LAA02921; Mon, 25 Sep 2000 11:56:46 -0700 (PDT) (envelope-from joseph.scott@owp.csus.edu) Message-ID: <39CF9ECC.A31DAD97@owp.csus.edu> Date: Mon, 25 Sep 2000 11:51:56 -0700 From: Joseph Scott X-Mailer: Mozilla 4.75 [en] (X11; U; Linux 2.2.12 i386) X-Accept-Language: en,pdf MIME-Version: 1.0 To: Michael Lucas Cc: Wes Peters , Bill Fumerola , cjclark@alum.mit.edu, freebsd-advocacy@FreeBSD.ORG Subject: Re: wats so special about freeBSD? References: <39CC3AEB.3D768A0E@softweyr.com> <20000925094129.A30394@blackhelicopters.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-advocacy@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Michael Lucas wrote: > > > "if you want to install a secure system and don't know what you're doing > > ..." > > Unfortunately, that's life in IT nowadays. I find that I'm often put into the position of being less secure than I'd like to more because of pressure from people in power who don't have a clear understanding of the issues. My boss is pretty good about it, his boss is fairly ok about it, but above that it gets ugly :-( Yes, it's part of my job to help educate these folks, but my point is that often is more of a social/politcal difficulty for me to secure a box more than anything else. > I'm the support management dude for a consulting company. We run NT, > AIX, Solaris, AS/400, and a few other things, not to mention the > programs than run on them. The folks under me are decent, but not > what I'd call "expert." My office and several other programs on campus have been going through this problem for over a year now. It can be very difficult to attract even half qualified people. We are only 1.5-2 hours from Silicon Valley and that hasn't helped in attracting people :-( > FreeBSD is fairly easy to lock down, but I'd feel *far* better if I > knew everything on all my boxes was shut down by default. I do a > "netstat -na" on a Solaris machine and cry. Many UNIXes make it > difficult to identify what's running where. > > Should the company devote the hundreds of man-hours necessary to learn > exactly what is running everywhere and determine how necessary it is? > Yep. Are they going to? Nope. Can we even *hire* some of those > experts here in Detroit? Nope. A painful reality compressed into one paragraph. > All I can say is, thank God for my FreeBSD firewall. All I have to > worry about is my inside users. :) I have a lot more confidence in my firewalls than I do in my users inside of them. Given that I worry because a firewall only addresses certain issues. Ug. -- Joseph Scott joseph.scott@owp.csus.edu The Office Of Water Programs - CSU Sacramento To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-advocacy" in the body of the message