lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 29 May 2008 14:07:57 +0200
From: "Claus Bitten" <Claus.Bitten@...mfab.de>
To: <full-disclosure@...ts.grok.org.uk>
Subject: Re: Thank you for help with management.

Hi,
I have read a lot of good reasons why this server is a bad idea, but how
about making it work?
With all costs involved?
(seperated network segment, own firewall protection with deep
inspection, access-proxy with virus-scan etc. running in front of the
unknow fileserver...)
 
>>From my experience management needs options (solutions) and often do not
get deeper technical issues, but that is why you/we are there.
 
I think you can make literally anything work in IT (at least that is how
I see one main apsect of my job), but that comes - of course - with a
price tag.
Most likely there will be four options:
 
a) a working setup proposed from the IT department (usually expensive)
b) some other solution to the problem from the IT department (e.g.
another fileserver) - cheaper as a) 
c) management gets its way, may be the cheapest - but worst solution .
Sometimes b) can be better than c)  btw.
d) no solution at all.
 
d) may be out of the question, but c) is covered with a) and b),
 
If it goes wrong you are not to blame - and while we live in a dangerous
world not all b2b IT Operations are malicious. There is a good chance
that nothing happens at all. (boctaoe - as Scott Adams would say) 
That of course depends on reasonable working environment. But if
management does not care what the relevant IT has to say to IT issues
a company has more pressing problems than a potential unsecure server...
 
regards,
Claus Bitten
 

________________________________

From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Daniel
Sichel
Sent: Friday, May 23, 2008 11:26 PM
To: full-disclosure@...ts.grok.org.uk
Subject: [Full-disclosure] Thank you for help with management.



Thank you to all who responded to my request for how to deal with a non
secure server. Responses ranged from lol witty to incisive. I will
definitely be asking the general manager for a  key to  his house and I
will be requiring a release from liability in writing.  It was very
helpful, thank you all again.

 

Daniel Sichel, CCNP, MCSE,MCSA,MCTS (Windows 2008)

Network Engineer

Pwnderosa Telephone (559) 868-6367

 


Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ