 COLUMN
 |
 |
Security Adviser
P.J. Connolly
|
Use at your own risk
I HOPE NONE of you were surprised when the CERT (Computer Emergency Response Team) Coordination Center announced recently that Unix-based printer networks were vulnerable due to holes in nearly every vendor's version of the lpd print daemon. The good news is that it's easy to protect against attacks at this weak spot even if you can't install the available patches right away. According to CERT, TCP port 515 is the one to block at the firewall. That still leaves you vulnerable to an attack from within, but you can use the filtering features of your routers to provide an equivalent roadblock.
Why wasn't I surprised? Well, for one, the CERT bulletin was more of a roundup of known lpd vulnerabilities than hot breaking news. Bulletins such as this one serve the useful purpose of reminding those responsible for IT security that thoroughness is key. But they don't affect day-to-day security for most end-users until the other shoe drops and a critical server is compromised.
Speaking of dropping the other shoe, it didn't take long for someone to poke a hole in Microsoft's Passport authentication scheme, did it? The problem didn't take long to fix: Microsoft had to take its authentication servers offline for a few hours, inconveniencing some users of Hotmail and MSN. But this gives me another reason to recommend anything but Microsoft to those users concerned about present-day and future security threats.
Don't bother sending me that e-mail whining about how unfair I am because "every vendor has security problems." Yes, as we just saw a couple hundred words ago, that's certainly true. But there's a big difference. Most vendors are not attempting -- never mind succeeding at -- world domination. Most vendors haven't been found guilty of abusing monopoly power. Most vendors don't have a stranglehold on the corporate and consumer desktop markets. Most vendors aren't trying to create secure repositories for their customers' data.
The problem I have with Microsoft's "Trust us, we know what we're doing" defense is that it's proven wrong so often. Yes, stability and security can exact a toll on performance. But it's time for Microsoft's developers to stop worrying about performance and focus their priorities on producing secure code. If Microsoft truly cared about this, we would see an eye-rolling, sweat-drenched Steve Ballmer hollering "Security! Security! SECURITY!" to a crowd as excited as any documented by Third Reich filmmaker Leni Riefenstahl.
Passport appears to be unstoppable; Microsoft is tying it to services such as MSN, Windows Messenger, and anything else it can justify to put Passport into as many hands as possible, willing or not. I caved in grudgingly because I have to have a Passport account to access Microsoft's MSDN developer resources. But I wouldn't trust it with anything important, and neither should you.
P.J. Connolly (pj_connolly@infoworld.com) covers networking and security for the Test Center. Get this column free via e-mail each week. Sign up at www.iwsubscribe.com/newsletters .
RELATED SUBJECTS
 Security
Business News
MORE >
SPONSORED WHITE PAPERS
EMC
- Lower costs and improve reliability-Get the EMC CLARiiON white paper!
Ciphertrust
- Are you ready for Sobig.G? Learn how to protect your email systems.
CDW
- Personal attention. CDW. The Right Technology. Right Away.
EMC
- Explore key performance features and capabilities of EMC ControlCenter 5.1.1.
Intel
- Free Intel white paper shows you how to deploy a secure wireless LAN
Cisco
- FREE WHITE PAPER: BLUEPRINT to design and implement secure VPNs
Verity, Inc.
- "Mass Consolidation Hits the Web-Search Market"
McDATA
- Download a FREE storage consolidation white paper from McDATA(R).
Lucent Technologies
- Overcoming Common Firewall Limitations
Lucent Technologies
- Leverage Your Mobile High Speed Data Access. Download Free White Paper!
Nokia
- Get the scoop! Mobilizing business white papers & case studies.
BMC Software
- Maximize the Potential of Enterprise Data: Free white paper!
Network Associates
- Free white paper - Strategies for Optimizing Network Costs and Benefits
Entrust
- Manage identities across applications. Improve productivity.
Stalker Software
- CommuniGate Pro - Transform your Email and Calendaring
Remedy
- A NEW Gartner Research Note:Producing Quality IT Services
Search the IDG White Paper Library:
|
SPONSORED LINKS
|
