Re: security compliance vs. old software versions


Frank Cox wrote:
>
> On Wed, 2010-06-30 at 15:14 -0400, m.roth@xxxxxxxxx wrote:
>> Sorry, you lost me here. I turned off all access to the h/d/ramdisk on
>> the printers, and left it off. This, of course, slows things down a lot,
>> but it's "Secure".
>
> The point is that the security scan is supposed to be verifying that
> your setup is, in fact, secure.  If you change your setup before running
> the scan, and then change it back immediately afterward, how is that
> verifying that your setup is, in fact, secure?  What you scanned != what
> you are actually using.
>
> If your purpose is simply to check off a box on a form, why not just
> write the Sooper Dooper Security Scanner yourself?
<snip>
> You would gain just as much from that as what you're gaining right now,
> and it would take less effort on your part.

Frank, I'm not sure of the object of your part of the conversation, me, or
the security team that I have to deal with. I'm also feeling as though
we're talking past each other. They ran the scan. My manager handed the
response handling of it to me. As part of what I did, I had to turn off
the laser printers' access to their own h/d/ramdisk, thus afflicting the
printers. I did not turn the access back on, so some of the capabilities
and speed of these printerSSS is utterly wasted, and for what? Someone
might get through the gov't firewall, and fill up the h/d on the printer?
Someone might run the trays out of paper?

To me, this indicates that they have *no* concept of what they're
requiring, that they've included treating printers as though they were
servers or workstations.

But then, they also had problems with several servers that another admin
takes care of, complaining that they could allow certain kinds of access,
which would be true of any *Nix variant... but don't exactly work in VMS.
One size of security does *not* fit all.

       mark

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

