On Wed, 23 Nov 2005 08:52:30 EST, Anonymous Squirrel said:

(Writing as a long-time co-conspirator on the Top-20, all the way back to when it was the Top-10)

> I'm puzzled, SANS remediation is merely patch, turn on the firewall, and
> configure per published guidelines. That fits for _any_ OS.
>
> It just doesn't make sense that the _entire_ OS is a "Top 20" yet the
> remediation is so basic.

Actually, it does - the metric for selection was a "bang for the buck", picking the 20 things that would do the most to change the overall security of a site. Since the remediation *is* so basic, and the target machines are easily found, it's a better use of an overworked security geek's time to find the OS X boxes and fix them than look for (for example) some subtle-but-deadly buggy PHP script that may or may not be on any of their servers and may or may not be vulnerable in their configuration...

> Does SANS know something we don't?

Only that there's a lot more OS X boxes that need proper setup and config than most people realize...

> Is the mere existence of OS X in a
> network so bad that it deserves to be tagged as a "Top 20"?

The problem is that there are enough OS X boxes on networks that are *NOT* patched, firewalled, and configured that they pose a clear and present danger to the networks they reside on. If there weren't as many OS X boxes, or if they were all/mostly done right, it wouldn't have been a "top 20".
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/