[CentOS] SELinux threads, cynicism, one-upmanship, etc.

Thu Nov 17 18:08:44 UTC 2005
Bryan J. Smith <thebs413 at earthlink.net>

Peter Farrow <peter at farrows.org> wrote:
> running a consultancy business where time is money, turning
> it off and configuring as we always did before represents the
> best technical solution and value for money for my clients.
> Those of you who work in big corporates or have time to
> experiment with every last detail of SELinux features in a lab
> by all means go and do it, here at the coal face it's rather
> like offering options for window dressing while we are still
> building the shop front....
> Turning it off stops all the junk filling up the logs and
> allows you to see the real stuff.....and is the best option
> for me and my clients, others may have different objectives,
> but my machines stay secure without it.  Therefore I don't
> need it.... period...

You brought up an excellent side-point.  Consulting.  Not
just fly-by-night consultants, but their over-expecting
clients.

Consulting is why the IT infrastructure and security of this
country has gone to crap.  There is no accountability.  There
is only the pressure to complete things in unrealistic
timeframes.

It's why control systems fail at power plants.
It's why financial backends are compromised.

I've been overridden time and time again on bank systems
security designs because it was deemed "unsupportable."  Why?
 Because someone had to physically come over to a secured
network.  WTF?

Sound security policy has been put out-the-window by
consulting, support nonsense, etc...  You have to "tear it
down" so you can "dumb it down" for people.  And it happens
in the most crucial of our nation's networks.

Why?  Consultants aren't accountable in most cases.  And
that's typically because the clients want it done now.


-- 
Bryan J. Smith                | Sent from Yahoo Mail
mailto:b.j.smith at ieee.org     |  (please excuse any
http://thebs413.blogspot.com/ |   missing headers)