nanog mailing list archives
RE: bloomberg on supermicro: sky is falling
From: "Naslund, Steve" <SNaslund () medline com>
Date: Wed, 10 Oct 2018 14:21:40 +0000
Allowing an internal server with sensitive data out to "any" is a serious mistake and so basic that I would fire that contractor immediately (or better yet impose huge monetary penalties). As long as your security policy is defaulted to "deny all" outbound, that should not be difficult to accomplish. Maybe if a couple of contractors feel the pain, they will straighten up. The requirements for securing government sensitive data are communicated very clearly in contractual documents. A genuine mistake can get you in very deep trouble within the military, and that should apply to contractors as well. I can tell you that the "oh well, it's just a mistake" gets used far too often, and it's why your personal data is getting compromised over and over again by all kinds of entities. For example, with tokenization there is no reason at all for any retailer to be storing your credit card data (card number, CVV, exp date) at all (let alone unencrypted), but it keeps happening over and over. There need to be consequences, especially for contractors, in the age of cyber warfare.

Steven Naslund
Chicago IL
> Important distinction: you fire any contractor who does it *repeatedly* after communicating the requirements for securing your data. Zero-tolerance for genuine mistakes (we all make them) just leads to high contractor turnaround and no conceivable security improvement; a rotating door of mediocre contractors is a much larger attack surface than a small set of contractors you actively work with to improve security.
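As an added example (not part of this post or the NANOG thread), a small audit of the outbound policy Steve describes: given a first-match egress rule table and a default action, it reports which sensitive internal hosts can reach destinations no rule names explicitly, either through an "allow to any" rule or through a permissive default. The rule table, addresses and host list are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    src: str     # source CIDR
    dst: str     # destination CIDR, or "any"
    action: str  # "allow" or "deny"


def _net(cidr):
    return ipaddress.ip_network("0.0.0.0/0" if cidr == "any" else cidr, strict=False)


def open_egress_reason(rules, default_action, host):
    """Explain why `host` can reach a destination that no rule names explicitly,
    or return None if it cannot.  Such a destination can only be matched by
    rules whose dst is "any", so walking those in order (first match wins) and
    falling back to the default policy gives the exact decision."""
    ip = ipaddress.ip_address(host)
    for i, r in enumerate(rules):
        if ip in _net(r.src) and r.dst == "any":
            return f"rule {i}: {r.src} -> any allow" if r.action == "allow" else None
    return "default outbound policy is allow" if default_action == "allow" else None


def audit_egress(rules, default_action, sensitive_hosts):
    """Return (host, reason) for every sensitive host with open egress."""
    findings = []
    for host in sensitive_hosts:
        reason = open_egress_reason(rules, default_action, host)
        if reason is not None:
            findings.append((host, reason))
    return findings


# Constructed sample policy: rule 0 is a legitimate narrow allow (database
# subnet to a patch server); rule 1 is the contractor's "out to any" mistake;
# rule 2 explicitly denies a second subnet everything not listed above it.
SAMPLE_RULES = [
    Rule("10.0.5.0/24", "10.0.9.25/32", "allow"),
    Rule("10.0.5.10/32", "any", "allow"),
    Rule("10.0.6.0/24", "any", "deny"),
]
SENSITIVE_HOSTS = ["10.0.5.10", "10.0.5.11", "10.0.6.3"]

if __name__ == "__main__":
    for policy in ("deny", "allow"):
        print(f"default outbound = {policy}:")
        for host, why in audit_egress(SAMPLE_RULES, policy, SENSITIVE_HOSTS):
            print(f"  {host}: {why}")
```

With the default set to "deny", only the host covered by the explicit "allow to any" rule is reported; flipping the default to "allow" also surfaces every sensitive host that no rule governs.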