This article can also be found in the Premium Editorial Download "Information Security magazine: Security 7 Award winners sound off on key information security issues."
Download it now to read this article plus other related content.
a personal history lesson
I learned a lot about security and the patch management process during those days, patching NT servers at 3 a.m. and praying for the servers to come back online after the restart. Backups were done once a week if at all, and offsite tape storage was just a fantasy.
Information services on the Web were just starting too. A few forums were available about security, and people were talking about how the Ping of Death can bring systems down if SP4 for NT hadn't been applied. At that point we all started deploying service packs, and our transition to full-time paranoia mode was complete.
These days of course, you would not even consider connecting your box to a production network unless it had the latest service pack, patches, antispyware, antivirus, a firewall, and was properly maintained.
Today we have more reliable OSes. We have patching solutions that scan and patch thousands of servers, compliance tools, auto-update antivirus, group policies that secure the servers, firewalls and IDS. We have rootkit detection, daily backups, off-site storage, books, forums, blogs and more. And still, you'll never have a 100 percent secure box, unless of course the network
| cable is
Security is a never-ending story. It changes and mutates, gets better, faster, more complicated and fun. Sometimes, though, I miss the old BBS days.
This was first published in October 2008