[ale] Telnet or SSH? (Was: Re: anonymize google searches and tor for android)

Jeff Lightner jlightner at water.com
Wed Oct 28 08:20:37 EDT 2009


Often enough it isn't just one person who has to approve but a committee and usually these kinds of decisions are made more in terms of turf wars than what is most secure.

The beauty of things like PCI, S-OX and other external mandates is that they tend to help refute the "we've always done it that way" arguments.  PCI is even better in that there is a "cost" for NOT doing it the right way.  Not saying these external mandates can't be maddening in themselves but I've found it a lot easier to explain why what I have in place refutes some silly audit point than to overcome the stubbornness of people that prefer to think security is a hindrance to productivity rather than an augmentation of continued production.


-----Original Message-----
From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of Jim Kinney
Sent: Tuesday, October 27, 2009 5:37 PM
To: Atlanta Linux Enthusiasts - Yes! We run Linux!
Subject: Re: [ale] Telnet or SSH? (Was: Re: anonymize google searches and tor for android)

On Tue, Oct 27, 2009 at 5:20 PM, Michael B. Trausch <mbt at zest.trausch.us> wrote:
> On Tue, 2009-10-27 at 16:09 -0400, Jim Popovitch wrote:
>> On Tue, Oct 27, 2009 at 15:40, Michael B. Trausch <mbt at zest.trausch.us> wrote:
>> > Oh and here's what's even funnier:  On *exactly* one network I know,
>> > there is no SSH, open access to all X11 displays, and all that jazz,
>> > right?  But they require the use of "sudo".
>>
>> That's actually not a too uncommon setup for lots of private networks
>> (think: deep inner circles of places most ppl never see).  ;-)
>
> True enough, but it also means that there is no accountability for
> anything.  Sniffing a password is so trivial on networks like that, it's
> not funny; anyone with a brain can fake just about anything on a network
> like that.  You'd think those sorts of things would be updated in large
> corporate-type environments.

One _would_ think that until one has had to sit in meetings where the
only thing said from the ones who "approve" things is "how much will
that cost?"

IT is often treated like a hand tool. Purchase once, use it until it
breaks or is lost or stolen. Hammers don't get upgrades on a per item
basis so why spend resources upgrading IT that does actually work?

Short sighted? Absolutely.

Common practice? Most certainly. The only practice more common is CYA
pertaining to who denied the upgrade that led to the failure event.
>
>        --- Mike
>
> --
> Blog:  http://mike.trausch.us/blog/
> Misc. Software:  http://mike.trausch.us/software/
>
> "The greater danger for most of us lies not in setting our aim too
> high and falling short; but in setting our aim too low, and achieving
> our mark." -Michelangelo
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>



-- 
James P. Kinney III
Actively in pursuit of Life, Liberty and Happiness
