
Re: [Full-disclosure] SANS Top 20: Mac OS X?

Subject: Re: [Full-disclosure] SANS Top 20: Mac OS X?
Date: Wed, 23 Nov 2005 15:11:53 -0500
On Wed, 23 Nov 2005 08:52:30 EST, Anonymous Squirrel said:

(Writing as a long-time co-conspirator on the Top-20, all the way back to
when it was the Top-10)

> I'm puzzled, SANS remediation is merely patch, turn on the firewall, and
> configure per published guidelines.  That fits for _any_ OS.
>
> It just doesn't make sense that the _entire_ OS is a "Top 20" yet the
> remediation is so basic.

Actually, it does - the metric for selection was a "bang for the buck", picking
the 20 things that would do the most to change the overall security of a site.
Since the remediation *is* so basic, and the target machines are easily found,
it's a better use of an overworked security geek's time to find the OS X boxes
and fix them than look for (for example) some subtle-but-deadly buggy PHP script
that may or may not be on any of their servers and may or may not be vulnerable
in their configuration...

> Does SANS know something we don't?

Only that there's a lot more OS X boxes that need proper setup and config than
most people realize...

> Is the mere existence of OS X in a
> network so bad that it deserves to be tagged as a "Top 20"?

The problem is that there are enough OS X boxes on networks that are *NOT*
patched, firewalled, and configured that they pose a clear and present danger
to the networks they reside on.

If there weren't as many OS X boxes, or if they were all/mostly done right,
it wouldn't have been a "top 20".


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/