Peter Farrow <peter at farrows.org> wrote: > running a consultancy business where time is money, tunring > it off and configuring as we always did before represents the > best technical solution and value for money for my clients. > Those of you who work in big corporates or have time to > experiment with every last detail of SELinux features in a lab > by all means go and do it, here at the coal face its rather > like offering options for window dressing while we are still > building the shop front.... > Turning it off stops all the junk filling up the logs and > allows you to see the real stuff.....and is the best option > for me and my clients, others may have different objectives, > but my machines stay secure without it. Therefore I don't > need it.... period... You brought up an excellent side-point. Consulting. Not just fly-by-night consultants, but their over-expecting clients. Consulting is why the IT infrastructure and security of this country has gone to crap. There is no accountability. There is only the pressure to complete things in unrealistic timeframes. It's why control systems fail at power plants. It's why financial backends are compromised. I've been overridden time and time again on bank systems security designs because it was deemed "unsupportable." Why? Because someone had to physically come over to a secured network. WTF? Sound security policy has been put out-the-window by consulting, support non-sense, etc... You have to "tear it down" so you can "dumb it down" for people. And it happens in the most crucial of our nation's networks. Why? Consultants aren't accountable in most cases. And that's typically because the clients want it done now. -- Bryan J. Smith | Sent from Yahoo Mail mailto:b.j.smith at ieee.org | (please excuse any http://thebs413.blogspot.com/ | missing headers)