bloomberg on supermicro: sky is falling

William Herrin bill at
Wed Oct 10 15:09:39 UTC 2018

On Wed, Oct 10, 2018 at 10:22 AM Naslund, Steve <SNaslund at> wrote:
> Allowing an internal server with sensitive data out to "any" is
> a serious mistake and so basic that I would fire that contractor
> immediately (or better yet impose huge monetary penalties.
>  As long as your security policy is defaulted to "deny all" outbound
> that should not be difficult to accomplish.

Hi Steve,

I respectfully disagree.

Deny-all-permit-by-exception incurs a substantial manpower cost both
in terms of increasing the number of people needed to do the job and
in terms of the reducing quality of the people willing to do the job:
deny-all is a more painful environment to work in and most of us have
other options. As with all security choices, that cost has to be
balanced against the risk-cost of an incident which would otherwise
have been contained by the deny-all rule.

Indeed, the most commonplace security error is spending more resources
securing something than the risk-cost of an incident.  By voluntarily
spending the money you've basically done the attacker's damage for

Except with the most sensitive of data, an IDS which alerts security
when an internal server generates unexpected traffic can establish
risk-costs much lower than the direct and indirect costs of a deny-all

Thus rejecting the deny-all approach as part of a balanced and well
conceived security plan is not inherently an error and does not
necessarily recommend firing anyone.

Bill Herrin

William Herrin ................ herrin at  bill at
Dirtside Systems ......... Web: <>

More information about the NANOG mailing list