Re: Breach of Homeland Security Background Checks Raises Red Flags

[Rich Kulawiec <rsk () gsp org>]

On Tue, Aug 26, 2014 at 11:30:39PM -0400, Jeffrey Walton quoted:
> As Dakin sees it, the fact that the agency doesn't know that could be
> an indication that its networking monitoring -- especially as it
> relates to data exfiltration -- is lacking.

I see a more fundamental problem: why is this data on an Internet-connected
network?  Ever?

Given that it takes on the order of months for the security clearance
process to play out, I have to wonder why data isn't transferred on
as-needed basis via encrypted media on sneakernet using couriers with
suitable escorts in order to completely alleviate the need to expose it
to the Internet.  Surely a one or two day delay would be inconsequential
in terms of the length of the overall process.

---rsk

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.