THE OFFICIAL BLOG OF THE SBS "DIVA"

You know what gets tiring on some listserves that have a security focus?  The religious wars.  The “my software is better than your software” stuff.  The the whole “I don't want to pay for software” or the “we use open source software because it's free”.

Nothing in life is free, or so my Mother told me. 

Maybe I”m the weird one, I don't know...but the idea that I'm going to trust my business to “software by a volunteer committee” or something somone downloaded for free it just slightly freaks me out.  I have to stop and make a business risk decision regarding my choices.  I guess it's because I've been on volunteer committees and ...well.... I know how they work.  There are times I've been on committees that it is really excellent people and really the people that should be at the table are indeed at the table.  And then I've been on other less structured committees and ...well...the people that end up at the meeting table are just the people that showed up.  In my own City where I live where the people that show up day in and day out at the Council meetings, that give feedback regularly, that give input to the Council meeting...well that's their life.  That's all they do.  And they don't live in the real world enough to bring that view to the table.  They are just 'there'.  They just show up. 

The reality for today's business world is that we need a blend of tools.

Many argue that the active directory structure of Microsoft [especially in Windows 2003] hands down is better than other platforms to give a firm control.

Many argue that the desktop permission structure in other platforms, both Mac and Linux is more superior. [Well at least they are better at forcing their vendors to code appropriately anyway]

Arguably the platform with more forensic tools and distributions [KnoppixSTD and the like] is Linux.

As a business owner if I were picking an operating system based on “free“, you'd still see me at the checkout stand buying Novell's SuSe distribution.  Why?  Because I want an organization behind what I deploy.  I want support.  Don't get me wrong ...the community support of SBS is fabulous...but at the end of the day if there something amiss with my system, I want someone at the other end of a phone line that I can talk to.  I want someone who's made it their career and not a hobby to support the platform.  I want an operating system...no matter what the brand.....built by a person who has a vested interest in that platform from a career standpoint. 

Sometimes the decisions that come out of committees don't end up always the greatest decisions.  Look at our Congress for evidence of that [need I say more?].  The manuvering and deal making to get some of these decisions out the door is just crazy.  Yeah, big businesses can have just as much politics as Congress going on some times, but I still just have a lot warmer, fuzzier feeling about buying the things my business depends on. 

The funny thing I find when the “religious wars“ start up is NEITHER side knows enough about the other one to make reasonable arguments regarding their position worth a darn.  Windows NT is dead.  If you are still having to support NT, 98, 95 or ME I'm real sorry for you but stop using it as a benchmark. 

The next problem we admins have is not knowing.  It's getting to the point these days in the Server platform that we're getting like the Office platform.  “I want the OS to do this“..... “uh...it does that.“ 

I think some of this comes down to not taking the time to learn.  You know the guy who found that Sony Rootkit?  He wrote a book.  Windows Internals.  And what's the stereotype for the average IT person?  We don't read.  

I'll bet many of this blog have not read or know and I'll bet little of us out here use some of the following:

• Software restriction policies - want to restrict what software users load up?
• IPSec - want to ensure that only computers you want talk/connect/link up with the computers you want?
• Group Policy - control desktops, what the user gets to use, lock down IE, control the firewall...
• Windows 2003 Security guide - and if you are looking for a “click here and secure me“ ..this is a learn more about your system..the point is to this guide is that YOU have to understand your system to make the choices

Someone in a listserve today said they liked a certain vendors setup because it didn't rely on agents but rather forced you into better understanding the foundations of what you were setting up... ISA 2004, IIS, Windows 2003 server and XP sp2.  He said he prefered that over 'agent based' because it masked and made you not understand the foundations of the network you were setting up. 

It's funny isn't it?  Technology wars have parallels with human ones.  I think if all of us took a bit more time to learn, to understand, to find out more about the other guy, the other platform, the other technology, we'd stop these silly arguments and start fighting the real enemy. 

So my challenge for you this weekend is as follows.....Don't just read Mark Russinovich's blog about the Rootkit issue, download one of the free tools from the Sysinternals site.  Learn what it does.  Peek under the hood of the operating system.  Go read a book or two.  Listen to a podcast or two.  But lay down the weapons shall we?  Because as a small business owner, we don't necessarily care what you recommend, we just want you to listen to us, pick the solution that will best fit our needs and then we want you to know it.