[CentOS] security compliance vs. old software versions

John Jasen jjasen at realityfailure.org
Wed Jun 30 21:13:40 UTC 2010


m.roth at 5-cent.us wrote:
> Frank Cox wrote:
>> On Wed, 2010-06-30 at 15:14 -0400, m.roth at 5-cent.us wrote:
>>> Sorry, you lost me here. I turned off all access to the h/d/ramdisk on the
>>> printers, and left it off. This, of course, slows things down a lot, but
>>> it's "Secure".
>> The point is that the security scan is supposed to be verifying that
>> your setup is, in fact, secure.  If you change your setup before running
>> the scan, and then change it back immediately afterward, how is that
>> verifying that your setup is, in fact, secure?  What you scanned != what
>> you are actually using.
>>
>> If your purpose is simply to check off a box on a form, why not just
>> write the Sooper Dooper Security Scanner yourself?
> <snip>
>> You would gain just as much from that as what you're gaining right now,
>> and it would take less effort on your part.
> 
> Frank, I'm not sure of the object of your part of the conversation, me, or
> the security team that I have to deal with. I'm also feeling as though
> we're talking past each other. They ran the scan. My manager handed the
> response handling of it to me. As part of what I did, I had to turn off
> the laser printers' access to their own h/d/ramdisk, thus afflicting the
> printers. I did not turn the access back on, so some of the capabilities
> and speed of these printerSSS is utterly wasted, and for what? Someone
> might get through the gov't firewall, and fill up the h/d on the printer?
> Someone might run the trays out of paper?
> 
> To me, this indicates that they have *no* concept of what they're
> requiring, that they've included treating printers as though they were
> servers or workstations.

Forgive the minor nit, and hopefully not continuing the talking past
each other, but modern printers have more computer resources than a
smart phone, and the embedded OS is either equally as complex or an
embedded braindead version of Windows.

In other words, they are assets worth protecting.

-- 
-- John E. Jasen (jjasen at realityfailure.org)
-- "Deserve Victory." -- Terry Goodkind, Naked Empire


