[CLUE-Tech] More migration to linux

Nate Duehr nate at natetech.com
Wed Dec 8 10:20:09 MST 2004


Chris Schock wrote:

>SANS was not throwing a Microsoft ticker tape parade, they were
>specifically happy about how the USAF was imaging all their machines to a
>standard baseline.
My concern here is that they couldn't do this with internal standards 
and auditing and without paying extra to MSFT to accomplish it?  (Your 
tax dollars at work.)

>Having a standard baseline is good practice no matter what OS you use.
Agreed.  No argument there.

>It's unfortunate that you have such a low opinion of SANS. Their emphasis
>is on generally applicable best practices, not vendor evaluation. In
>addition, SANS does not employ consultants - it is simply another
>organization like the ACM.
>
>They really are a great resource.
I have no overall problem with SANS, but there has been a decidedly 
pro-Government bent toward their "news" reporting over the last year or 
so.  They're just going where their market takes them -- they put on 
extra training conferences for Government personnel, etc.  Companies 
can't afford $3500 training courses for staff.  But SANS knows if they 
play their cards right, the government can.

While there's nothing specifically wrong with that per se, the lean at 
SANS tends to be toward where their bread is buttered, and the comments 
always sound so "chipper" when the government or military does 
*anything* remotely security-related, even if it's stuff the rest of us 
all did five years ago, that it's kinda sad and funny at the same time.

Seeing SANS say "Major corporations will follow when the Air Force 
testing proves the feasibility and effectiveness of this approach." just 
made me laugh... major corporations already do this.  I haven't worked 
on a corporate machine in the last seven years that wasn't loaded by the 
IT department to a standard load.

I re-assert that my *opinion* is that SANS kowtows a bit to the very 
behind-the-times agencies in the government that are just now figuring 
out how to do network security -- and cheerleads positively when they do 
stuff they should have known about already and been doing at least five 
years ago.

DOI/Commerce (specifically the Dept. of Indian Affairs) has had their 
Internet pipes turned off completely twice in the last year because of 
their network security incompetence.  At least SANS didn't cut them any 
slack, and those newsworthy items in the security world got reported 
accurately with offers of help.

As a resource, SANS is excellent - ZERO argument there.  I just laugh 
that the market realities of the network security biz push SANS into a 
corner where they can't say, "We told you so."  Instead they have to say 
this new Air Force thing is "Brilliant!"

I say bah humbug.  SANS is Brilliant.  SANS calling the Air Force 
brilliant is a sign of something else going on sociologically and 
economically.  To see Northcutt doing it (knowing that Northcutt is 
probably quite literally a Brilliant businessperson) shows that he has 
no choice but to pat the Air Force on the head and say "Good job, little 
one" if he wants to continue to sell training courses to them.

--
Nate Duehr, nate at natetech.com