nanog mailing list archives

Re: Fwd: cnn.com - Homeland Security seeks cyber counterattack system(Einstein 3.0)

From: Valdis.Kletnieks () vt edu
Date: Tue, 07 Oct 2008 14:59:33 -0400

On Tue, 07 Oct 2008 13:23:20 CDT, "J. Oquendo" said:

Contractors should be held accountable for breaches in an
infrastructure. Before awarding a contract, I would do my best
to have the wording changed from "minimum requirements" to
securest implementation. Whether this securest implementation
took 5 new engineers to give a closer review, so be it.


You don't want "the securest implementation".  You want one that's
"secure enough" while still allowing the job to get done.  You also don't
want to be *paying* for more security than you actually need.  Note that
the higher price paid to the vendor isn't the only added cost of too much
security.

(Consider - the *securest* firewall is a true airgap, where files are
dropped on one side, and then must be manually vetted, copied to media,
and physically transferred to the other side.  Feel free to try to deploy
a webserver in that environment - on *either* side of the airgap....)

Attachment: _bin
Description:

Current thread:

Re: Fwd: cnn.com - Homeland Security seeks cyber counterattack system(Einstein 3.0), (continued)
- - - Re: Fwd: cnn.com - Homeland Security seeks cyber counterattack system(Einstein 3.0) J. Oquendo (Oct 07)
    - Re: Fwd: cnn.com - Homeland Security seeks cyber counterattack system(Einstein 3.0) Valdis . Kletnieks (Oct 07)
    - Re: Fwd: cnn.com - Homeland Security seeks cyber counterattack system(Einstein 3.0) Sean Donelan (Oct 07)
    - Re: Fwd: cnn.com - Homeland Security seeks cyber counterattack system(Einstein 3.0) Steven M. Bellovin (Oct 07)
    - Re: Fwd: cnn.com - Homeland Security seeks cyber counterattack system(Einstein 3.0) Valdis . Kletnieks (Oct 07)
    - Re: Fwd: cnn.com - Homeland Security seeks cyber counterattack system(Einstein 3.0) Paul Ferguson (Oct 07)
    - Re: cnn.com - Homeland Security seeks cyber counterattack system(Einstein 3.0) Marshall Eubanks (Oct 07)
    - Re: cnn.com - Homeland Security seeks cyber counterattack system(Einstein 3.0) Paul Ferguson (Oct 07)
    - Re: Fwd: cnn.com - Homeland Security seeks cyber counterattack system(Einstein 3.0) Gadi Evron (Oct 07)
    - Re: Fwd: cnn.com - Homeland Security seeks cyber counterattack system(Einstein 3.0) J. Oquendo (Oct 07)
    - Re: Fwd: cnn.com - Homeland Security seeks cyber counterattack system(Einstein 3.0) Valdis . Kletnieks (Oct 07)
    - Re: Fwd: cnn.com - Homeland Security seeks cyber counterattack system(Einstein 3.0) Sean Donelan (Oct 09)
    - Re: Fwd: cnn.com - Homeland Security seeks cyber counterattack system(Einstein 3.0) Jean-François Mezei (Oct 07)
    - RE: Fwd: cnn.com - Homeland Security seeks cyber counterattacksystem(Einstein 3.0) Tomas L. Byrnes (Oct 07)
    - RE: Fwd: cnn.com - Homeland Security seeks cyber counterattacksystem(Einstein 3.0) Howard C. Berkowitz (Oct 07)
    - Re: Fwd: cnn.com - Homeland Security seeks cyber counterattack system(Einstein 3.0) Patrick Darden (Oct 07)
- Re: cnn.com - Homeland Security seeks cyber counterattack system (Einstein 3.0) William Hamilton (Oct 06)
  - Re: cnn.com - Homeland Security seeks cyber counterattack system (Einstein 3.0) Steve Church (Oct 06)
    - RE: cnn.com - Homeland Security seeks cyber counterattack system(Einstein 3.0) Howard C. Berkowitz (Oct 06)
    - Re: cnn.com - Homeland Security seeks cyber counterattack system (Einstein 3.0) Paul Ferguson (Oct 06)
  - Re: cnn.com - Homeland Security seeks cyber counterattack system (Einstein 3.0) Jean-François Mezei (Oct 06)

(Thread continues...)