When will colleges get serious about security, and it's my box, why can't I have root?
I was cruising/perusing the Security Bloggers Network feed last night. There is just so much great content on a daily basis in there it is unbelievable. Two articles from two blogs I have not highlighted before caught my attention and moved me to comment here:
1. Scott Wright's Security Views blog has a post up, "The first steps in reducing the embarrassing frequency of college system breaches". Scott calls colleges and universities to task for seemingly being constantly the victims of breaches and security incidents. I agree. They are victims because for the most part they allow themselves to be victimized. The edu market gets great discounts on security technology. The problem is many of these schools are more concerned about providing access than they are about security. They are in no-win situations. They have to give students access, they can't install software on a student's machine, and many of these students are young and immature enough to either intentionally or unintentionally do wrong things. But the budget, the level of expertise and the will to do something are overall lacking at most of the schools I have seen. Until that changes, we will continue to see the edu market as the victims in this ongoing tragedy.
2. Monkey-House.org has a good article titled "Barracuda Spam Firewall Drowns in The Ping River". The author laments the fact that though he owns his Barracuda firewall appliance, he is not allowed to SSH or have root access to the box unless he pays Barracuda a training fee to be "certified" on the box.
I have heard both sides of this story. The vendor claims that by giving people this level of access, they screw the box up worse and only make for more problems. We have seen this at StillSecure, where people actually installed additional software on our appliances (it runs Linux), and when that conflicted with the StillSecure software it was a nightmare to troubleshoot and fix. On the other hand, I strongly believe that if you own the box, you should have root access to it. I don't think that is unreasonable and we continue to do this at StillSecure. What do you think on this one?





