[rescue] RE: Why buy DEC when you can get the milk for free?

Tue Jun 26 15:01:46 CDT 2001

On Tue, Jun 26, 2001 at 03:47:56PM -0400, Ken Hansen wrote:
> Remember CA was foing to buy EDS, PWC was going to buy HP, whatever that 
> twisted logic was a few years ago...

O god,, dont get me started on PWC.  At an employer, they did a 
"security audit".

This consisted of:

	1.  Letting one of their guys have an ethernet connection to
	    the internal network and an IP address.  (normally, unless 
	    you have a machine that needs to be connected, the ports arent
	    connected, and even unused swich ports are locked down).
	    This was someone in another department that did this.

	2.  Running whatever their equivalent of nmap/portscanner against
	    every machine on the network.  We got stuff like "machine has
	    NFS exports, this is unsecure".  No matter who the box was
	    exporting to, or what permissions it was giving, etc.  Things
	    like "box has RPC running".   Basically, a fancy spreadsheet
	    chart output for the suits, but nothing that would be *useful*
	    from a sysadmin point of view.

Bill

-- 
Bill Bradford
mrbill at mrbill.net
Austin, TX