Flaw or invitation?
Much of the problem is the IT guys constantly wanting a new box, a new vendor.
Cisco is proven and the most secure.
And when a problem arises they can have a patch ready in 24hrs, with an army onsite to fix it.
Why that is not more highly valued is beyond me.
p
All your data are belong to China.
I am a retired sysadmin, who worked, primarily on US Army networks, managing servers, remotely. I never had any issues, I believe, because the older guard were competent sysadmins. I would do simple things, like create a fake root account, that could only access parts of hard drives which contained misinformation. Typically, my root accounts were usernamed: “guest” or some variation thereof. No access was allowed into my servers, unless it came from specific IP addresses, no access was allowed unless the IP address matched the MAC address. All traffic was encrypted with pre-shared keys, that were changed each day. A honey pot was always used on the network segment, as was various intrusion detection hardware devices. There were certain systems which needed better security, and these were maintained in an RF proof room, disconnected from the external world. All of our software was written “in-house” and there were no opportunities for vulnerabilities to be introduced, either accidentally, or deliberately, as any software that was written, was passed around among a very brilliant group of coders, who tried to hack it.
We had issues with the Chinese, but we kept them at bay, and understood the malevolent intentions that China has towards the US. DoD recruited the best and brightest, and none were anything but born and raised American. Since we have opened admission to our best CS schools to anyone from any country, they now have some of the best and brightest minds working to gain access. What did Academia think would happen by allowing 85% of their IT students to be Chinese?
can we blow them up now?
can we blow them up now?
can we blow them up now?