RE: [cobalt-users] PortSentry and Logcheck ?

[Rodolfo Paiz <rpaiz@xxxxxxxxxxxxxx>]

> -----Original Message-----
> From: cobalt-users-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Brent Sims
> Sent: Monday, June 05, 2000 10:27 AM
> To: cobalt-users@xxxxxxxxxxxxxxx
> Subject: RE: [cobalt-users] PortSentry and Logcheck ?
>
> 	While dessiminating fear is not my style, the bad guys often
> monitor lists such as this. Worse yet, perhaps, the average level of
> technical expertise on this list is low enough that what I'm about
> to say ought to make sense. Since starting my efforts to help some
> of you secure your servers, the scans and attacks on our servers
> here have increased substantially - frightenly so. My guess is that
> a few bad apples are here for no other reason than to locate servers
> that are easy pickings... this is pretty much true on any list of
> this nature though. I'm just surprised by the results that my meger
> efforts have been producing...

Brent,

"Just because you're paranoid doesn't mean they're not out to get you."

Too few people actually approach security the right way: trying to think
like a bad guy and looking for weaknesses, then locking them up. My family
is quite wealthy and for years we faced a potential threat from kidnapping;
this is how I learned about real-world security. In the digital world the
same applies, and though you have no threats to your life, you are also open
to the attacks of the entire world should they choose to target you.

Anytime well-meaning people approach the subject of security, there is
someone there who listens in order to learn, in order to plan, in order to
attack. All on this list would do well to keep that in mind, and remember
that proper security comes before almost anything on your list of
priorities, or should. In the eternal words of Robert A. Heinlein:

"You live and learn... or you don't live long."

------
Rodolfo J. Paiz
rpaiz@xxxxxxxxxxxxxx <mailto:rpaiz@xxxxxxxxxxxxxx>