[CentOS] security compliance vs. old software versions

Thu Jul 1 00:54:46 UTC 2010
John Jasen <jjasen at realityfailure.org>

m.roth at 5-cent.us wrote:
> John Jasen wrote:
>> m.roth at 5-cent.us wrote:
>>> Frank Cox wrote:
>>>> On Wed, 2010-06-30 at 15:14 -0400, m.roth at 5-cent.us wrote:
>>>>> Sorry, you lost me here. I turned off all access to the h/d/ramdisk on
>>>>> the printers, and left it off. This, of course, slows things down a lot,
>>>>> but it's "Secure".
> <snip>
>> Forgive the minor nit, and hopefully not continuing the talking past
>> each other, but modern printers have more computer resources than a
>> smart phone, and the embedded OS is either equally as complex or an
>> embedded braindead version of Windows.
>>
>> In other words, they are assets worth protecting.
> 
> So, you're saying protection is more important than having them usable for
> the folks whose use they were bought for? You're saying that we should
> just get rid of them, and buy less capable printers that can't do as much?
> Even when the only way to get to the existing printers is from a system
> that's *inside* the firewall, and on our network? Hey, how 'bout I just
> unplug them from the network altogether? They'll be doorstops, but they'll
> be "secure".

Well, I'm a security admin, so of course protection is more important
than utility! :)

But seriously, the assessment tools provide information on your
environment, based on certain standard metrics. It's (HOPEFULLY! PCI
compliance notwithstanding ....) up to the people who end up reading
them to fix the environment, determine that it's not a problem, or accept
the risk that was discovered.

-- 
-- John E. Jasen (jjasen at realityfailure.org)
-- "Deserve Victory." -- Terry Goodkind, Naked Empire