[CentOS] security compliance vs. old software versions

m.roth at 5-cent.us
Wed Jun 30 19:14:24 UTC 2010


Frank Cox wrote:
>
> On Wed, 2010-06-30 at 10:10 -0400, m.roth at 5-cent.us wrote:
>> I understand that. We had a scan a few months ago (and they're about to
>> do it again), and to satisfy it, I had to turn off the h/d/ramdisks in
>> our laser printers....
>
> What is the point of doing a security scan under conditions that are not
> actually "live"?
>
> It sounds like moving the flammable materials out before a fire
> inspection, then moving them right back in when the inspector leaves.

Sorry, you lost me here. I turned off all access to the h/d/ramdisk on the
printers, and left it off. This, of course, slows things down a lot, but
it's "Secure".

Right.
>
> What is gained?  You're no more secure than you were before the
> inspection, and you're no longer running what you had running during
> the inspection.

They're scanning mostly based on WinDoze, and too many of them don't
actually understand what they're looking for, and certainly they have
*NOT* thought about what they're asking. For that matter, IMO, they didn't
even read the results of their scans, just forwarded a large mass of
everything that "didn't pass" to the general group responsible (or rather,
they didn't even break it up to each group, just a large mess; they didn't
even pay attention to what was desktop support, which is closer to being
under them, directly).

Mostly for show, on their part, to look like they're Doing Something.

           mark
