[108512] in North American Network Operators' Group
Re: Fwd: cnn.com - Homeland Security seeks cyber counterattack
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Tue Oct 7 15:01:00 2008
To: "J. Oquendo" <sil@infiltrated.net>
In-Reply-To: Your message of "Tue, 07 Oct 2008 13:23:20 CDT."
<20081007182320.GA63228@infiltrated.net>
From: Valdis.Kletnieks@vt.edu
Date: Tue, 07 Oct 2008 14:59:33 -0400
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
On Tue, 07 Oct 2008 13:23:20 CDT, "J. Oquendo" said:
> Contractors should be held accountable for breaches in an
> infrastructure. Before awarding a contract, I would do my best
> to have the wording changed from "minimum requirements" to
> securest implementation. Whether this securest implementation
> took 5 new engineers to give a closer review, so be it.
You don't want "the securest implementation". You want one that's
"secure enough" while still allowing the job to get done. You also don't
want to be *paying* for more security than you actually need. Note that
the higher price paid to the vendor isn't the only added cost of too much
security.
(Consider - the *securest* firewall is a true airgap, where files are
dropped on one side, and then must be manually vetted, copied to media,
and physically transferred to the other side. Feel free to try to deploy
a webserver in that environment - on *either* side of the airgap....)