Re: security compliance vs. old software versions




Frank Cox wrote:
>
> On Wed, 2010-06-30 at 10:10 -0400, m.roth@xxxxxxxxx wrote:
>> I understand that. We had a scan a few months ago (and they're about to
>> do it again), and to satisfy it, I had to turn off the h/d/ramdisks in
>> our laser printers....
>
> What is the point of doing a security scan under conditions that are not
> actually "live"?
>
> It sounds like moving the flammable materials out before a fire
> inspection, then moving them right back in when the inspector leaves.

Sorry, you lost me here. I turned off all access to the h/d/ramdisk on the
printers, and left it off. This, of course, slows things down a lot, but
it's "Secure".

Right.
>
> What is gained?  You're no more secure than you were before the
> inspection, and you're no longer running what you had running during
> the inspection.

They're scanning mostly based on WinDoze, and too many of them don't
actually understand what they're looking for, and certainly they have
*NOT* thought about what they're asking. For that matter, IMO, they didn't
even read the results of their scans, just forwarded a large mass of
everything that "didn't pass" to the general group responsible (or rather,
they didn't even break it up to each group, just a large mess; they didn't
even pay attention to what was desktop support, which is closer to being
under them, directly).

Mostly for show, on their part, to look like they're Doing Something.

           mark

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

