Sunday, October 12, 2008

Apocalyptic Vulnerability Percentages - FUD 101

While reading RSnake's latest post, I cannot escape the feeling that he's in a very gloomy mood today. His advice:

"The truth is, if you have something interactive connected to the
Internet, it's probably exploitable in some way, and really, it's not
that terrible of a thought considering it's pretty much always been
that way."

As gloomy as that may sound, it is something that I run into regularly.

Too many people assume that the next new (web) app that is getting deployed 1) is absolutely essential for the continuity of the company and 2) must run on an internet-facing web server.

Air-gapping a system is probably not that feasible in this day and age (although I still see self-contained networks with only a dial-out modem that gets unplugged when not in use), but using common sense when deciding on the visibility of a system can never hurt!


