RE: OPM Data Breach - Whitehouse Petition - Help Wanted

["Darden, Patrick" <Patrick.Darden () p66 com>]

Good point.  It's a massive job, and sometimes it is best to look at those piecemeal.  Start with small goals, and pick 
low hanging fruit--your example of the server room is good.  Set it up with and IDS, a firewall, harden the hosts by 
turning off/removing unused/unneeded services, setting up tripwire, and encrypt all data on the drives, then look to 
password policy enforcement.  Then start actively securing it (monthly audits, daily log checks, etc.).  Doable.  Then 
pick the next lowest hanging fruit and repeat.

--patrick darden

-----Original Message-----
From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Naslund, Steve
Sent: Friday, June 19, 2015 8:31 AM
To: Stepan Kucherenko; nanog () nanog org
Subject: [EXTERNAL]RE: OPM Data Breach - Whitehouse Petition - Help Wanted

I think one of their major issues is that they look at too much of the network at a time.  If they decided they were 
going to secure a particular data center or building, they might be much better off.  If they start with defending the 
servers from internal as well as external threats and then move toward the perimeter they might make progress.  I think 
they look at the entire comprehensive network and end up with a number or a project that is too big to fathom.  First 
thing would be current IDP/IDS technology so they would at least know where and what the threats are.

Steven Naslund
Chicago IL

18.06.2015 18:00, shawn wilson wrote:
> I'd actually be interested in a discussion of how much you can possibly
> improve / degrade on a network that big from a management position.