My daughter is now 19 years old but I’m surprised she made it past three. At various times where I was theoretically in charge of her when she was two years old or younger, the following happened:
- While I was fixing a light switch, and left the door to the basement open for a few seconds, she wheeled her walker thing over to the steps and went tumbling head over heels all the way down.
- After I showed her how to use our bed as a trampoline, she jumped so high she flipped over the bed rail and landed on her head on the hardwood floor.
- Assuming she was right behind me as we left the house to get in the car, I turned around and she was gone. Many minutes later I found her crying about 6 feet in the air on top of the big kids slide we had in the back yard.
Hmm, I started out down this path to point out that most websites are like two-year olds, because if you let your guard down for an instant they will get in trouble. This was just recently pointed out when a hacker compromised 50 web sites of US politicians. Initial claims are that the web site hosting company had briefly made some changes and the attacks succeeded during that window of vulnerability.
My point was to be that, as the SANS survival time index continues to show, the rate of automated vulnerability scanning by bad guys on the Internet is so high that if you take your eye off of the configuration of web servers, they are likely to act like two year olds, run off in unexpected directions and bash their heads – and your wife CEO will get really mad at you.
But now that I look at what I wrote, I think the real point is that most web administrators are really Al Bundy-like sitcom dads, who don’t even have the attention spans to watch their kids, let alone not encourage their kids to do dangerous things. It is really web site administration that is not up to the task – basically, most web admins are like dads who give their kids dry cleaning bags or the Mainway Bag O’ Glass to play with.
The Gartner RN “Web Server Security Hierarchy” is a good starting point for making sure your web servers don’t run out and play in traffic.

John Pescatore

3 responses so far ↓
1 Amanda January 29, 2010 at 11:30 am
Interesting read although I suspect you meant Al Bundy from “Married with Children” and not Ted Bundy, the serial killer?
2 John Pescatore January 29, 2010 at 11:38 am
Oops, good catch, Amanda. I have edited the post to mention the right Bundy!
3 Tweets that mention Website Security Maturity: Most Websites Are Like Two Year Old Infants -- Topsy.com January 31, 2010 at 6:33 am
[...] This post was mentioned on Twitter by Emeric Izsak, Gutenbyte. Gutenbyte said: Website Security Maturity: Most Websites Are Like Two Year Old Infants: My daughter is now 19 years old but … http://tinyurl.com/yz27t62 [...]