Mailinglist Archive: opensuse (3605 mails)

Re: [SLE] laptop security -- physical security
  • From: "Bryan J. Smith" <b.j.smith@xxxxxxxx>
  • Date: Fri, 16 Jun 2006 18:27:22 -0400
  • Message-id: <1150496842.6698.230.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
On Fri, 2006-06-16 at 14:51 -0700, kai wrote:
> I'd highly suggest bolting it down to the desk. That usually works fine.
> At least you won't get in the news like the US Department of Defense.

I 100% agree! Physical, physical, physical!

It takes no less than a dozen meetings, arguments and, sometimes, even
threats, but anytime someone talks about not having separate, physical
networks, wants portable computers or "remote administration" I take the
keyboard to them.

- You will put that financial back-end on a dedicated, non-Internet
connected network.

- You will not put any classified information on the non-classified
network

- You will go into a secured room with sign-in/out to administer it and
I will _not_ allow you to remotely administer from a non-secured area


I have spent my career working on US DoD classified programs and in
major, major US financial institutions that handle a significant number
of our nation's transactions. Management will argue cost, support
issues, etc... and you have to tell them they are wrong, wrong, wrong
repeatedly. And I am not afraid to say it to their face -- "You might
get a bonus now for saving money, but someone else will be cleaning up
the mess a few years from now after you've been promoted."

Now I can't talk about their stupidity, collectively or otherwise,
because of various agreements I have signed. ;->

But more publicly, Ohio's First Energy is a perfect example of a chronic
screw-up.

Their IT -- despite complaints of plant engineers -- allowed their
control systems networks to be tied into their general networks for
"support purposes." So when a worm came through it overloaded First
Energy's control systems and they couldn't provide necessary standby
power to the grid. It significantly contributed to the NE US / southern
Canadian black-out a few years ago.

And what's worse is that the same issue took down a First Energy
nuclear power plant control system just 6 months earlier (luckily it
wasn't producing power, but was in test).

Physical, physical, physical security.


--
Bryan J. Smith Professional, technical annoyance
mailto:b.j.smith@xxxxxxxx http://thebs413.blogspot.com
----------------------------------------------------------
The existence of Linux has far more to do with the breakup
of AT&T's monopoly than anything Microsoft has ever done.


