Comments on: The Evidence Builds
https://whynow.dumka.us/2013/08/25/the-evidence-builds/
On-line Opinion Magazine...OK, it's a blog

By: Bryan, Tue, 27 Aug 2013 05:06:15 +0000
https://whynow.dumka.us/2013/08/25/the-evidence-builds/comment-page-1/#comment-65192
In reply to Badtux.

I could understand his ability to muck about with the system in Hawaii, but he apparently could wander at will. I was the sysadmin at a college for the teaching systems that were used by the IT department. They were locked up like a vault because I knew damn well somebody would attempt to break in. They tried and got caught, so they stopped trying. The system was available in the lab 8am-10pm six days a week, and I had no desire to go in on my time off to babysit. We used TAs to cover the lab, and their access was only sufficient to the tasks they were allowed to perform. I liked most of them, but I wasn’t going to trust them with my Friday and Saturday nights.

It is more complex today, but damn, the tools are part of the operating system, and if you are trying to establish your credibility to advise people on hardening their systems, you have to harden your own.

Contracts run from 3 to 5 years, so people aren’t going to invest their lives in the job.

When I was in, even the cleaning crew were Federal employees and almost everyone was former military. Security and confidentiality was not a problem.

By: Badtux, Tue, 27 Aug 2013 03:46:08 +0000
https://whynow.dumka.us/2013/08/25/the-evidence-builds/comment-page-1/#comment-65190

The core problem is one of loyalty. You want someone who is full time, who is part of the institution, who has a vested interest in the success of the institution whether that’s military retirement benefits if continuing in service, stock options, whatever. One thing you *don’t* do is put a contractor in charge of critical infrastructure. Not without having a full time employee with years in service overseeing his every move, anyhow. Just giving him root access to the whole frickin’ network with no oversight? WTF?

I have utilities going to track anything done as root, and I get emailed a report every morning. You can f**k with the utility’s database files, but if you do, I get emailed a report on *that* too, in real time. I have golden handcuffs going where if the company does well, I do well too, that’s how they buy my loyalty. This is just common sense, that you track everything and put only people who have a vested interest in the success of the institution in charge of critical infrastructure. But I guess common sense ain’t so common….
