Re: Highlighting Security Issues

[Victor Williams <vbwilliams () neb rr com>]

As an addendum to my emotional response to this guy's claim he did 
nothing wrong...

This is typical gov't know-nothing behavior.  If we don't know what it 
is, it must be bad, and we must have been hacked.

I met the chief security officer for the US Dept of Agriculture back in 
2000 (don't know if it's still the same guy), and during discussions 
with him, he was just convinced that dual-homed machines of any sort 
were more able to get hacked than single-homed.  After questioning him 
repeatedly on it, I finally asked the question "Aren't most firewalls 
'dual-homed' machines?  Most all of them have at least 2 NICS--it's a 
requirement..right?  And if so, doesn't the work of the administrator of 
the dual-homed machine ultimately determine it's hackability?"  No 
answer.  He ignored me from that point forward.

It is never assumed that the lower ranks might know what they're doing. 
 It's just assumed that because they get paid less, they don't know 
anything.  In my experience, that's not always the case...but usually. 
I don't doubt that the person here probably knew more technically enough 
to not compromise any machines for *hackers*...whatever that means.  I 
question his motives for doing so...and in questioning those motives, I 
guess I don't see his documenting having any technically sound 
proof...which is why I contended that he wasn't that technically savvy 
to be trying to find any *proof* of anything on anyone, and that upper 
management also seems to be pretty clueless.  It's a vicious circle in 
my opinion.  Clueless people beating up clueless people.  It will never 
end...not as long as the lowest bidder always wins--which is what gov't 
is built around.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards