Re: Rather funny; looks like page defacement to me

From: Bill Royds <Bill(at)royds.net>
Date: Tue Jun 17 2003 - 17:07:06 EDT

Unfortunately this message seems to indicate that I said that sysadmins who didn't understand TCP/IP were dolts. It was actually the person who was quoting me. What I said in the first place is that foisting IDS systems on sysadmins who have too many other things to do is a costly mistake. Either the company has to hire a costly IDS expert or they have an IDS that provides no value to them.

----- Original Message -----
From: "Paul Schmehl" <pauls@utdallas.edu>
To: <miburo@singnet.com.sg>; <broyds@rogers.com>
Cc: <focus-ids@securityfocus.com>
Sent: Tuesday, June 17, 2003 10:54 AM
Subject: Re: Rather funny; looks like page defacement to me

I'm not picking on you. You just happened to be the one that articulated it, OK?

I see this attitude a lot, and it troubles me a great deal. I think all too often we "IT people" get isolated from the real world and think that everyone else should be just like us.

An admin who doesn't know TCP/IP? There are many. The norm in most small companies is to "promote" the "computer guy" to the IT slot when they can afford one (and often when they can't afford one this person works "part-time" in computers.) Oftentimes this guy (or gal) just knows more about computers than most people in the office, but they're a long way from trained on networking and TCP/IP, security, etc.

Yet they are expected to perform and "get the job done" without any training or preparation. They spend many sleepless nights reading books, trying to learn the myriad of things that they have to know to protect their companies. On top of all that pressure, they have the pressure from their *peers* constantly denigrating them because they don't know enough.

When is the last time *you* took time to teach someone who was less knowledgeable than you? When is the last time *you* were responsible for *everything*? Mail, web, DNS, networking, routers, switches, wiring, IDS, firewall, virus protection, OS updates and patches, backups, disaster recovery, printers, faxes, applications, hardware repairs, etc., etc.? Most of these folks are doing *all* of that, *by themselves*, because that's *all* their companies can afford. And they're doing yeoman duty for 2/3rds the pay that the high-paid pros are.

I took on the task of trying to help one of these types of people (because he emailed me privately with a question about snort), and I quickly realized what a daunting task it is for him. He had to learn Unix, mysql, snort, apache, sendmail and TCP/IP all at the same time. Yet he tackled it with enthusiasm and he's making great progress.

He's the "computer guy" in a small architectural firm, and he got the job because he was constantly helping people in the office who had computer problems. Once they decided they *had* to have an Internet presence, he was tapped for the job.

If you want our profession to improve, the onus is on *you* to do something about it. Criticism is easy. Anybody can do that. Teaching others what you know and helping them get up to speed is much more difficult and time consuming. It's also a great deal more fulfilling *and* humbling. There's no better way of realizing the gaps in your own knowledge than trying to teach someone else.

Instead of wallowing in your smug self-righteousness, going home after work and complaining about "them", get out there and make a friend. Teach one of those poor "draftees" how to protect their enterprise. (Trust me, they're no threat to you professionally.)

--On Sunday, June 15, 2003 12:02:02 PM +0800 Callan K L Tham <miburo@singnet.com.sg> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----

Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu


-------------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
world's premier technical IT security event! 10 tracks, 15 training sessions,
1,800 delegates from 30 nations including all of the top experts, from CSO's to
"underground" security specialists.  See for yourself what the buzz is about!
Early-bird registration ends July 3.  This event will sell out. www.blackhat.com
-------------------------------------------------------------------------------

Received on Wed Jun 18 09:53:17 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:14 EDT