On 10/10/18, Mike Hale <eyeronic.design@gmail.com> wrote:
To be fair, the idea that your security costs shouldn't outweigh potential harm really shouldn't be controversial. You don't spend a billion dollars to protect a million dollars worth of product.
The problem with that idea is that it's almost always implemented as your security costs shouldn't outweigh _your_ potential harm Regards, Lee
On Wed, Oct 10, 2018 at 10:54 AM Naslund, Steve <SNaslund@medline.com> wrote:
Mr Herrin, you are asking us to believe one or all of the following :
1. You believe that it is good security policy to NOT have a default DENY ALL policy in place on firewalls for DoD and Intelligence systems handling sensitive data.
2. You managed to convince DoD personnel of that fact and actually got them to approve an Authorization to Operate such a system based on cost savings.
3. You are just trolling to start a discussion.
The reason I asked what system it is would be to question the authorities at DoD on who and why this was approved. If you don't want to disclose that then you are either trolling or don't want anyone to look into it. It won't be hard to determine if you actually had any government contracts since that is public data. There are very few systems whose EXISTENCE is actually classified, but you were the one that cited it as an example supporting your policy. If you cannot name the system then it doesn't support your argument very well does it. Completely unverifiable.
In any case I believe the smart people here on NANOG can accept or reject your security advice based on the factors above. I'm done talking about this one.
Steven Naslund
Want to tell us what system this is?
Yes, I want to give you explicit information about a government system in this public forum and you should encourage me to do so. I thought you said you had some skill in the security field?
Regards, Bill Herrin