Security is a Full-Time Job

Ignorance must have been bliss in 1969. Around this time, the continental network that became the Internet was just forming. (RFC 1 was published by Steve Crocker on April 7th.) Life for a system administrator back then was a lot simpler – there was implicit trust between a computer owner and the people that could access it via the network. There were no hackers, because the people building the network were the only ones that could use the network.

Fast forward to 2004. The same architecture that simplified the deployment of the Internet now hinders it. A script kiddie can bring down any web site by forging packets – including big sites you may have heard of: Yahoo!, Amazon.com, CNN, eBay, and others. (All of these are among the 15 largest English-speaking sites, according to Alexa.)

Recently, software companies seem to have been selling the idea that keeping up-to-date on security patches will keep you safe. While it certainly helps, this isn’t going to make your system foolproof. Security problems can be caused by all sorts of other problems, including human error.

Ultimately, security is a full-time job. You can write scripts to install patches, run programs to check your traffic for unwanted activity, and scan for viruses and worms. However, if you’re not spending at least 40 hours a week reading security bulletins, testing software, and educating others, you will miss something.

Running a personal web server looks like an attractive option for many people, but when you’re figuring the cost of piggybacking on a DSL or cable connection, don’t forget to figure in who’s going to be handling your security.

If that someone is you, you might want to start reading.

Semi-annual Time Gripes

I think I’m going to make these semi-annual gripes about daylight saving time a Waileia tradition. I forgot to set Movable Type back to Nome time to compensate for the rest of the United States (except for those smart Hoosiers in Indiana and a few places in Arizona) jumping an hour into the future. Thanks for the reminder, Dean.

Elsewhere:

  • Slashdot had a poll, with the haters far outnumbering the lovers. One of the more interesting threads to emerge talks about the potential impact on cron jobs.
  • Two NBA players were benched for not making a morning practice due to daylight saving time change.