Re: DHS need to get on top of this right now

[Valdis.Kletnieks () vt edu]

On Wed, 24 Oct 2007 17:32:04 BST, worried security said:
> The DHS need to ban ISP's from talking about infrastructure security in
> public places. it should be classified information don't you all think?

Please note a few things:

1) The level of detail actually discussed on NANOG comes nowhere *close*
to giving "the bad guys" anything *useful*.

2) Somebody at GMU already did a grad-school thesis about this subject,
at a level of detail that *was* worrysome for many.  The fact that with
that amount of hints, you should be able to Google up the student's name
and the date of the thesis, should tell you something about barn doors.

3) If in fact you classified the information, then you'd hit a *very* big
snag - you then need to treat it as classified information, with all the
attendant details.  Background checks for all of your NOC staff *over and
above* what you already do, you can't give the information to your customers,
and so on.

Though it *does* keep the phone from ringing off the hook if you can't
tell your customers your NOC phone number because it's classified....

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/