[181247] in North American Network Operators' Group
Re: OPM Data Breach - Whitehouse Petition - Help Wanted
daemon@ATHENA.MIT.EDU (Jim Popovitch)
Fri Jun 19 10:30:19 2015
X-Original-To: nanog@nanog.org
In-Reply-To: <03fe5e33930b416c9a1f5ec60d469d34@BRTEXMB02.phillips66.net>
Date: Fri, 19 Jun 2015 10:12:17 -0400
From: Jim Popovitch <jimpop@gmail.com>
To: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Fri, Jun 19, 2015 at 9:55 AM, Darden, Patrick <Patrick.Darden@p66.com> wrote:
> Good point. It's a massive job, and sometimes it is best to look at those
> piecemeal. Start with small goals, and pick low hanging fruit--your example
> of the server room is good. Set it up with an IDS, a firewall, harden the
> hosts by turning off/removing unused/unneeded services, setting up tripwire,
> and encrypt all data on the drives, then look to password policy
> enforcement. Then start actively securing it (monthly audits, daily log
> checks, etc.). Doable. Then pick the next lowest hanging fruit and repeat.
You left out:
Formulate Bid Solicitation team
Procure funding for Bid Solicitation team
Request Congressional approval for Bid Solicitation team
Request funding for team to win Congressional approval of Bid Solicitation team
Receive first round funding for team to win Congressional approval.....
Director retires, project status in limbo
New round of higher funding sought
Congressional recess, projects in limbo
Bid process begins, 3 of 4 are non-GSA and require further funding for new approval process
After 2 years of paperwork, initial funding for 2 year old IDS v1.1 (that's what was approved!) is approved.
repeat, ad nauseam
-Jim P.