Frank Cox wrote:
On Wed, 2010-06-30 at 15:14 -0400, m.roth@5-cent.us wrote:
Sorry, you lost me here. I turned off all access to the h/d/ramdisk on the printers, and left it off. This, of course, slows things down a lot, but it's "Secure".
The point is that the security scan is supposed to be verifying that your setup is, in fact, secure. If you change your setup before running the scan, and then change it back immediately afterward, how is that verifying that your setup is, in fact, secure? What you scanned != what you are actually using.
If your purpose is simply to check off a box on a form, why not just write the Sooper Dooper Security Scanner yourself?
<snip>
You would gain just as much from that as what you're gaining right now, and it would take less effort on your part.
Frank, I'm not sure of the object of your part of the conversation, me, or the security team that I have to deal with. I'm also feeling as though we're talking past each other. They ran the scan. My manager handed the response handling of it to me. As part of what I did, I had to turn off the laser printers access to their own h/d/ramdisk, thus afflicting the printers. I did not turn the access back on, so some of the capabilities and speed of these printerSSS is utterly wasted, and for what? Someone might get through the gov't firewall, and fill up the h/d on the printer? Someone might run the trays out of paper?
To me, this indicates that they have *no* concept of what they're requiring, that they've included treating printers as though they were servers or workstations.
But then, they also had problems with several servers that another admin takes care of, complaining that they could allow certain kinds of access, which would be true of any *Nix variant... but don't exactly work in VMS. One size of security does *not* fit all.
mark