On Mon, 1 Oct 2001, Derek D. Martin wrote: > ... and the affected site should be able to replace the trashed web > server in about 15 minutes, IF they notice it's been trashed, and IF > they have a proper disaster recovery plan.
There is no way you are going to recover from a security compromise in 15 minutes, Derek. Come on. You of all people should know that. You login to your network tomorrow morning and find someone's root'ed your e-commerce server. (If you don't have an e-commerce server, picture your main NFS server instead.) You going to get that back up in 15 minutes? Hell no. You're going to shutdown everything and perform an end-to-end audit of the entire system. An e-commerce site can lose thousands of dollars an hour in that case. A large site, more. I am not saying the ill-conceived, reactionary measures under discussion in Congress are justified. I believe they are not. But the fact of the matter is, comparing a network security compromise to a kid throwing a brick through a window is just not reasonable, either. > Obviously the elctronic nature of computer crime makes it very > different, in that regard, from conventional vandalism. But it's still > basically vandalism. You have been presented with arguments otherwise. You do not have to agree. Others do see it this way, however. If you ignore their viewpoints, they will likely ignore yours. > All I'm saying Ben, is that this bill makes no sense. It appeared to me you were saying more than that. -- Ben Scott <[EMAIL PROTECTED]> | The opinions expressed in this message are those of the author and do not | | necessarily represent the views or policy of any other person, entity or | | organization. All information is provided without warranty of any kind. | ********************************************************** To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the following text in the *body* (*not* the subject line) of the letter: unsubscribe gnhlug **********************************************************
