On Tue, Oct 5, 2010 at 4:46 PM, Dan Shoop <[email protected]> wrote:

>
> On Oct 5, 2010, at 4:27 PM, Scott Ribe wrote:
>
> > On Oct 5, 2010, at 2:19 PM, Bart Silverstrim wrote:
> >
> >> I just think that sometimes companies go out of their way for wacky
> >> scenarios that really shouldn't be much of a concern in the first place
> >> while leaving open other more obvious routes of penetration, and forgetting
> >> their biggest security weakness is their users.
> >
> > I think it's more the "auditors", consultants & lawyers who do that. IT
> > just has to make the pointy-haired boss happy after the outsiders get through
> > scaring him with silly apocrypha about compliance.
>
> Having dealt with my fair share of audits over the last 25+ years I can say
> that when they present such a challenge or "risk" all you need to do is
> counter it with a response doc that mitigates the risk. (Or in this case
> explains why the scenario is fanciful and extremely low risk.) That's easier
> than engineering a solution to a problem that won't occur.
>
Ok I lied about that last post being my last post. This will be the last
post. Sometimes it's easier to cut and paste a six line shell script into a
.plist for LaunchServices than debate with auditors. Sometimes it costs the
client less money, too. And sometimes, there's even a slight benefit, as
I've personally noticed that when airport and ethernet are enabled and
active, my MacBook by default still uses Airport depending on the order in
which things came up. Considering the relative speeds of the links, I can
see a non-security benefit to making sure Ethernet is used when available.
Something about gig-e versus wifi throughputs.

I realize there's a whole career path for argumentative IT guys, but that's
just not always the right approach. Sometimes you can just say "hey boss,
this will almost certainly never happen (boss reply: I know, I know), but I
can fix it in about 5 minutes".
_______________________________________________
MacOSX-admin mailing list
[email protected]
http://www.omnigroup.com/mailman/listinfo/macosx-admin
