bloomberg on supermicro: sky is falling
Lee
ler762 at gmail.com
Wed Oct 10 18:19:08 UTC 2018
On 10/10/18, Mike Hale <eyeronic.design at gmail.com> wrote:
> To be fair, the idea that your security costs shouldn't outweigh
> potential harm really shouldn't be controversial. You don't spend a
> billion dollars to protect a million dollars worth of product.
The problem with that idea is that it's almost always implemented as
your security costs shouldn't outweigh _your_ potential harm
Regards,
Lee
> On Wed, Oct 10, 2018 at 10:54 AM Naslund, Steve <SNaslund at medline.com>
> wrote:
>>
>> Mr Herrin, you are asking us to believe one or all of the following :
>>
>> 1. You believe that it is good security policy to NOT have a default DENY
>> ALL policy in place on firewalls for DoD and Intelligence systems handling
>> sensitive data.
>>
>> 2. You managed to convince DoD personnel of that fact and actually got
>> them to approve an Authorization to Operate such a system based on cost
>> savings.
>>
>> 3. You are just trolling to start a discussion.
>>
>> The reason I asked what system it is would be to question the authorities
>> at DoD on who and why this was approved. If you don't want to disclose
>> that then you are either trolling or don't want anyone to look into it.
>> It won't be hard to determine if you actually had any government contracts
>> since that is public data. There are very few systems whose EXISTENCE is
>> actually classified, but you were the one that cited it as an example
>> supporting your policy. If you cannot name the system then it doesn't
>> support your argument very well does it. Completely unverifiable.
>>
>> In any case I believe the smart people here on NANOG can accept or reject
>> your security advice based on the factors above. I'm done talking about
>> this one.
>>
>> Steven Naslund
>>
>>
>> >> Want to tell us what system this is?
>>
>> >Yes, I want to give you explicit information about a government system
>> >in this public forum and you should encourage me to do so. I thought
>> >you said you had some skill in the security field?
>> >
>> >Regards,
>> >Bill Herrin
More information about the NANOG
mailing list