RE: BoS: CERT Advisory CA-96.11 - Interpreters in CGI bin Directories

At 09:40 01/06/96 -0400, Paul G. Seldes wrote:
>Unfortunately you're quite right.  We're in the security business and are a
>large systems integrator.  All too many of our clients (surprisingly large
>corporations too!) are running Web servers outside of any "trained" systems
>groups.  Too many WEB servers are badly configured, have WIDE security holes
>and are not really understood by the staff running them.
>Each day I'm amazed.

Paul and Paul,

The amazement is that what you may have spent years winning through
difficult experience is not immediately obvious to the new Web
administrators. Altavista now says that it has indexed 225,000 web servers.
That means that this knowledge needs to be multiplied quickly. 

I am a web administrator for two sites and a consultant to others. Where
would you recommend that I send my clients (and myself) to read up on the
current state of the art in WWW security? Obviously Lincoln's fine FAQ is a
start! Is there anyone out there developing a course (or self paced on-line
courseware) to train new users and administrators on security issues?

It seems to me that safe surfing is getting like safe sex, you need to know
the risks and the methods of prevention *before* you are going to change
your own behavior. Unfortunately we need to get out the word to 225,000-plus
places today.

This list is a good start, please some pointers for further and future reference.
David Petraitis
MarĪ˜ Conseil
Marketing and Re-engineering
ch. Sous les Roches
1264 St-Cergue, Switzerland
Telephone: +41-22-360-3181
