I love cfengine. There are tons of resources out there for managing all kinds of common and uncommon system administration tasks. Rather than regurgitate all that information I wanted to share how I worked around what has been noted as a short coming of cfengine, clients copying information back to the master server.
The American Populace is being inconvenienced, spied on, stripped of Constitutional Rights, and taxed without any idea where that money is going. The perpetrator is not some foreign, militant, activist group, it’s our own Government. There’s no outcry. All of these treacheries are being committed to increase security while the fact remains that all of these drastic measures have failed miserably. The one constant is the relentless pursuit and protection of these programs by our elected officials. They should be the voice of the populace, and perhaps they are. Perhaps, ‘Security Theatre’ is good enough for the masses.
As you may or may not know, I am gainfully employed by the Federal Government in the area of Information Security. Recently the Bush Administration responded to media hype to issue a Federal Mandate requiring all government owned laptops use encryption technologies to encrypt their data.
There are two interpretations of this memo.
- Encrypt the ENTIRE disk.
- Encrypt just the files containing the data.
So, what’s a lowly security administrator to do?! Choices are bad! Obviously you encrypt the entire disk! Right?! no? Why not?
Read the rest of this entry »
Bruce Schneier always has spot-on posts. Here’s his editorial on last week’s terror plots.
It’s really that simple. Stop being terrorized. Stop being scared to live. Stop taking life so seriously, you’re never gonna make it out alive. We don’t need billions of dollars of security screening software/hardware. Anyone with a week of spare time will be able to circumvent it anyways. This security is just a show, and I’m not entertained in the slightest.
I’m not flying again until these ridiculous regulations stop. We know we’re accepting a risk getting onto a plane. We’re 30,000 feet in the air, and if something mechanical fails, that’s a LONG way down. You’re accepting even more of a risk when you get in your car to go to work. You’re a billion times more likely to die in a car accident than a terror attack. So why aren’t we campaigning against ridiculous bullshit by insurance companies and state legislations that waste your tax dollars to make them money instead of fixing problems with automobile safety?
It doesn’t sell papers.
Update: It now appears that some people with some experience in Chemistry have questioned the plausability of the terrorist plot.
Update 2: More information about the acquisition of the information that led to the arrests and wide spread media terrorism.
Most of the organizations I’ve been a part of, the IT staff usually has exemptions from IT policies if not significantly escalated privileges. This distances them from their users. I also happen to know and test MANY different ways to circumvent the policies and controls in place on the network. You can’t push policies and haphazardly grant exceptions to those policies to the group in charge of making them.
As a programmer, I’ve had the concept of “DON’T EVER TRUST YOUR USERS” beaten into my head. For programmers, this concept is incredibly important. Users almost always exceed your expectations for creativity with your new application. By planning for unexpected input, and properly cleaning all variables you can theoretically account for abuses of your system by malicious users and provide a graceful failure for users attempting to enter in bogus data.
This concept is key to PROGRAMMING. What I find astounding, is a large majority of corporations are adopting this practice for ALL IT related issues, and it’s even saturating into HR and other areas of employment. Working as a Security Administrator, I’m surprised that most employers have decided to not trust their employees. If you can’t trust them, then why would you hire them?
