nanog mailing list archives

Re: bloomberg on supermicro: sky is falling


From: William Herrin <bill () herrin us>
Date: Wed, 10 Oct 2018 12:35:56 -0400

On Wed, Oct 10, 2018 at 11:25 AM Naslund, Steve <SNaslund () medline com> wrote:
> You are free to disagree all you want with the default deny-all
> policy but it is a DoD 5200.28-STD requirement and NSA
> Orange Book TCSEC requirement.

And yet I got my DoD system ATOed my way earlier this year by
demonstrating to the security controls assessment team that the cost
of default-deny-all exceeded the risk cost of default-allow with IDS
alerts on unexpected traffic.

Because not spending more on a security implementation than the amount
by which it reduces the risk cost, is a CORE SECURITY PRINCIPLE while
default-deny-all is merely a standard policy.

Regards,
Bill Herrin

-- 
William Herrin ................ herrin () dirtside com  bill () herrin us
Dirtside Systems ......... Web: <http://www.dirtside.com/>
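The cost-versus-risk argument in the post above can be made explicit with a small annualized-loss comparison. The following is an added example, not code from the thread or from any of its participants; every dollar figure and incident rate in it is a constructed placeholder, and the class and function names (PolicyOption, cheaper_option, control_is_justified) are this example's own. It applies the same test to both policies: a control is worth buying only when the risk cost it removes is at least as large as the cost it adds.

```python
"""Added example: decide between default-deny and default-allow-with-IDS
on total expected annual cost, i.e. control cost plus residual risk.
All figures below are constructed placeholders, not data from the thread."""
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class PolicyOption:
    name: str
    annual_control_cost: float  # engineering, rule maintenance, blocked legitimate work
    incident_rate: float        # expected incidents per year under this policy (ARO)
    loss_per_incident: float    # expected loss per incident (SLE)

    def residual_risk(self) -> float:
        """Annualized loss expectancy: ARO * SLE."""
        return self.incident_rate * self.loss_per_incident

    def total_cost(self) -> float:
        """What the organisation actually pays per year under this policy."""
        return self.annual_control_cost + self.residual_risk()


def cheaper_option(options: Iterable[PolicyOption]) -> PolicyOption:
    """The policy with the lowest total expected annual cost."""
    return min(options, key=lambda o: o.total_cost())


def control_is_justified(baseline: PolicyOption, stricter: PolicyOption) -> bool:
    """The core principle from the post: adopt the stricter control only if the
    risk cost it removes is at least as large as the extra cost it imposes."""
    risk_reduction = baseline.residual_risk() - stricter.residual_risk()
    extra_control_cost = stricter.annual_control_cost - baseline.annual_control_cost
    return risk_reduction >= extra_control_cost


def compare(loss_per_incident: float) -> dict:
    """Run the comparison for one assumed loss-per-incident figure.

    Constructed assumptions: default-allow with IDS alerting on unexpected
    traffic is cheap to run but lets more incidents through; default-deny
    costs far more to maintain and still does not stop every incident."""
    allow_with_ids = PolicyOption(
        name="default-allow + IDS alerts",
        annual_control_cost=20_000.0,   # placeholder
        incident_rate=0.5,              # placeholder
        loss_per_incident=loss_per_incident,
    )
    deny_all = PolicyOption(
        name="default-deny-all",
        annual_control_cost=120_000.0,  # placeholder
        incident_rate=0.2,              # placeholder
        loss_per_incident=loss_per_incident,
    )
    return {
        "cheapest": cheaper_option([allow_with_ids, deny_all]).name,
        "deny_all_justified": control_is_justified(allow_with_ids, deny_all),
        "allow_total": allow_with_ids.total_cost(),
        "deny_total": deny_all.total_cost(),
    }


if __name__ == "__main__":
    # Same two policies, two different assumed losses per incident:
    # the label "default-deny" does not decide the question; the numbers do.
    for loss in (100_000.0, 1_000_000.0):
        print(f"loss per incident {loss:>12,.0f}: {compare(loss)}")
```

With a loss of 100k per incident the stricter policy removes 30k of annual risk but costs 100k more to run, so it is not justified; raise the assumed loss to 1M per incident and the same stricter policy becomes the cheaper choice. The point of the exercise is that the decision rests on the estimates, which an assessment team can inspect and argue about, rather than on the policy's name.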