Network Security Security-Basics

RE: Down with DHCP!!!!

Subject: RE: Down with DHCP!!!!
Date: Thu, 23 Feb 2006 11:32:48 -0500
Mostly what I see from your original post and subsequent response to the
critiques that followed is that you have already made up your mind as to
what you want to do, but decided to post to the list for validation (which
for the most part you did not get).

Your heavy-handed approach will gain you nothing but disdain from the
Network Engineering folks. One of your first proposals is to take away a
tool (DHCP) that they see as critical and produce in its place a draconian,
and frankly unmanageable, framework that will add more work to them and get
you very little in return. You seem not to trust the Network group now, but
yet your new system requires you to trust them with providing you correct
information. Oh sure, you'll audit them (perhaps weekly) but a lot of damage
can be done before you even get around to looking at what they entered. Your
new system will cause them to find every way possible to circumvent you (I
can guarantee this) if for no other reason than to spite you.

If your policies are not being met, then first review the policies to make
sure they are even reasonable. More often than not I have seen information
security plans and policies that are too extreme and unworkable from the
outset (usually written by overzealous and new InfoSec guys). If the
policies are reasonable, then work with the Network guys and PC support
staff and management on a plan to put reasonable procedures and policies in
place to bring everyone in compliance gradually. Work WITH your colleagues
rather than AGAINST them if you want their cooperation. Make them part of
the solution, not enemies of it.

There is an old story that if you want to cook a live frog, you should put
them in cool comfortable water and gradually turn up the heat. Before you
know it the frog will be perfectly cooked just the way you want them and
never know what happened. If you try to throw a live frog into already
boiling water they will do everything they can to escape. Take away the
tools your Network staff needs to work and they will try to hop right out of
the pot of boiling water you have created for them.

We've suggested dozens of ways to accomplish what you want to accomplish
without making your colleagues the enemy. Choose whichever way you want to
go, just don't say we didn't warn you.

-Mike

