[CLUE-Tech] More migration to linux
Nate Duehr
nate at natetech.com
Wed Dec 8 10:20:09 MST 2004
Chris Schock wrote:
>SANS was not throwing a Microsoft ticker tape parade, they were
>specifically happy about how the USAF was imaging all their machines to a
>standard baseline.
>
>
My concern here is that they couldn't do this with internal standards
and auditing and without paying extra to MSFT to accomplish it? (Your
tax dollars at work.)
>Having a standard baseline is good practice no matter what OS you use.
>
>
Agreed. No argument there.
>It's unfortunate that you have such a low opinion of SANS. Their emphasis
>is on generally applicable best practices, not vendor evaluation. In
>addition, SANS does not employ consultants - it is simply another
>organization like the ACM.
>
>They really are a great resource.
>
>
I have no overall problem with SANS, but there has been a decidedly
pro-Government bent toward their "news" reporting over the last year or
so. They're just going where their market takes them -- they put on
extra training conferences for Government personnel, etc. Companies
can't afford $3500 training courses for staff. But SANS knows if they
play their cards right, the government can.
While there's nothing specifically wrong with that per se, the lean at
SANS tends to be toward where their bread is buttered, and the comments
always sound so "chipper" when the government or military does
*anything* remotely security-related, even if it's stuff the rest of us
all did five years ago, that it's kinda sad and funny at the same time.
Seeing SANS say "Major corporations will follow when the Air Force
testing proves the feasibility and effectiveness of this approach." just
made me laugh... major corporations already do this. I haven't worked
on a corporate machine in the last seven years that wasn't loaded by the
IT department to a standard load.
I re-assert that my *opinion* is that SANS cowtows a bit to the very
behind-the-times agencies in the government that are just now figuring
out how to do network security -- and cheerleads positively when they do
stuff they should have known about already and been doing at least five
years ago.
DOI/Commerce (specifically the Dept. of Indian Affairs) has had their
Internet pipes turned off completely twice in the last year because of
their network security incompetance. At least SANS didn't cut them any
slack and those newsworthy items in the security world got reported
accurately with offers of help.
As a resource, SANS is excellent - ZERO argument there. I just laugh
that the market realities of the network security biz push SANS into a
corner where they can't say, "We told you so." Instead they have to say
this new Air Force thing is "Brilliant!".
I say bah humbug. SANS is Brilliant. SANS calling the Air Force
brilliant is a sign of something else going on sociologically and
economically. To see Northcutt doing it (knowing that Northcutt is
probably quite literally a Brilliant businessperson) shows that he has
no choice but to pat the Air Force on the head and say "Good job, little
one" if he wants to continue to sell training courses to them.
--
Nate Duehr, nate at natetech.com
More information about the clue-tech
mailing list