HP3000-L Archives

February 2000, Week 4

HP3000-L@RAVEN.UTC.EDU

Subject:
From: Peter Chong <[log in to unmask]>
Reply To: Peter Chong <[log in to unmask]>
Date: Fri, 25 Feb 2000 14:03:00 -0800

"Nice and very timely article on 
SQL Server security, in particular the common issue of either 
forgetting or neglecting to set an sa password. We recently showed a 
client how wide open its e-commerce database was. The database used a 
combination of Remote Data Services (RDS) -- basically ODBC over Port 
80, installed by default with NT Option Pack -- and a SQL Server with 
no sa password applied. This SQL Server was actually behind a Cisco PIX 
firewall and had an unpublished IP address, so it wasn't directly Web-
accessible. However, it's often simply a matter of using RDS to get 
into a Web box over Port 80, then knowing or guessing a DSN name, SQL 
Server name, or its internal IP to get to a back-end SQL Server. In 
this case, thousands of credit cards were exposed--not to mention that 
with sa permissions, you can run xp_cmdshell, delete files, map shares 
to other machines, etc."

How much for thousands of credit cards??? Or your company information???

Cheers


Peter Chong
Sr. ERP/MRP Analyst.
L3 Communications
714.956.9200 x 363
http://www.powerparagon.com

>>> Wirt Atmar <[log in to unmask]> 02/25/00 11:30AM >>>
Art asks:

> We may be migrating some of our software from MPE/iX to Unix or Windows NT
> server in the near future.  Right now I am the sole support person for our HP
> 3000 and 65+ desktop PCs.  I have some outside assistance supporting our
> NetWare 4.11 file server.  I feel that I will probably need additional staff
> when the new server is brought online (possibly as soon as summer) but, since
> I have little Unix experience and zero NT server experience, I have no idea
> how much time/effort is required to support such a system.

Jim Byrne wrote the following about three or four years ago. I liked the
quote so much that I recorded it. Unfortunately, I didn't save the whole
e-mail:

"I run HP3000's, an HP9000/8xx server, a number of WinNT 3.51 WS and a clutch
of Win95 WS. Of the four groups of machines, my time in support breaks down
roughly like this: 10%, 60%, 10%, 20%. Notice who gets the biggest chunk?...
Now, the HP3000 is by far and away the most important machine of the group.
It runs the entire company. The thing is, it just doesn't need me."

Wirt Atmar
