nanog mailing list archives

Re: bloomberg on supermicro: sky is falling


From: Alfie Pates <alfie@fdx.services>
Date: Mon, 08 Oct 2018 10:48:59 +0100

Important distinction: you fire any contractor who does it *repeatedly* after communicating the requirements for securing your data.

Zero-tolerance for genuine mistakes (we all make them) just leads to high contractor turnaround and no conceivable security improvement; a rotating door of mediocre contractors is a much larger attack surface than a small set of contractors you actively work with to improve security.

~ a

On Mon, Oct 8, 2018, at 4:53 AM, Naslund, Steve wrote:
You just need to fire any contractor that allows a server with sensitive 
data out to an unknown address on the Internet.  Security 101.

Steven Naslund

From: Eric Kuhnke <eric.kuhnke () gmail com>

 >many contractors *do* have sensitive data on their networks with a 
gateway out to the public Internet. 
----------------------------------------

I could definitely imagine that happening.

scott

