[116374] in North American Network Operators' Group

Re: Fwd: Dan Kaminsky

daemon@ATHENA.MIT.EDU (Paul Vixie)
Mon Aug 3 11:30:56 2009

To: nanog@merit.edu
From: Paul Vixie <vixie@isc.org>
Date: Mon, 03 Aug 2009 15:30:34 +0000
In-Reply-To: <4A722FFA.9080905@gmail.com> (William Allen Simpson's message of
	"Thu\, 30 Jul 2009 19\:42\:50 -0400")
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

William Allen Simpson <william.allen.simpson@gmail.com> writes:

> Are we paying enough attention to securing our systems?

almost certainly not.  skimming RFC 2196 again just now i find three things.

	1. it's out of date and needs a refresh -- yo barb!
	2. i'm not doing about half of what it recommends
	3. my users complain bitterly about the other half

in terms of cost:benefit, it's more and more the case that outsourcing looks
cheaper than doing the job correctly in-house.  not because outsourcing *is*
more secure but because it gives the user somebody to sue rather than fire,
where a lawsuit could recover some losses and firing someone usually won't.

digital security is getting a lot of investor attention right now.  i wonder
if this will ever consolidate or if pandora's box is just broken for all time.
-- 
Paul Vixie
KI6YSY

