Re: What so special about PostgreSQL and other RDBMS?

"Jim Kennedy" <kennedy-downwithspammersfamily_at_attbi.net> wrote in message news:AuEpc.19040$6f5.1748445_at_attbi_s54...
>>
> You are probably in a small shop then.

Huh? So what you're basically saying is that large shops can ignore basic security steps and then complain when they get bit?

It doesn't matter if I have 1 or 1000 SQL Servers, the basic security steps (such as blocking port 1433 to the outside world) are the same. If corporations had simply blocked 1433 and 1434 at the firewall, Slammer would have been a non-event, patches or no patches.

>We have tens of thousands of
> computers on our global network. Bank of America got hit, Siebel's site
was
> down for days. Yet look at Sun or Oracle, nary a hiccup. Gee, might be a
> pattern here.... I guess we could do what the CIA and NSA do and make
sure
> there isn't a connection to the outside world, the ultimate firewall.

Funny though. I can get to servers of the CIA and the NSA. But I can't get to critical systems. So if you "guess" you could do that, I'd suggest that's exactly what you do. Partitioning systems that are required to be secure from non-secure systems is basic security 101.

The biggest pattern I've seen is that most Windows administrators don't know the basics about administering in a high security and high availability environment.

Take a Unix administrator w/o a snobbish attitude (and yes, I've found quite a few that are snobs and a number that are open-minded) and you'll find that many of the same techniques that can be used to secure Unix systems and make them highly available can be applied to Windows systems with similar degrees of success.

The problem in my experience is not so much the OS as the operators.

> Jim
>
>
Received on Sun May 16 2004 - 17:21:35 CDT