On 2013-04-07 16:34, Andrew Gabriel wrote:
OTOH, I have worked in environments where everything is going to be locked down for 6-10 years. You get as current and stable as you can for the final testing, and then that's it - absolutely nothing is allowed to change. As someone else already hinted earlier in the thread, the security design of such infrastructure assumes from the outset that the systems are riddled with security holes, and they need to be made secure in some other (external) way.
We've had projects where the axiom was "A network-connected system is assumed compromised". It was even forbidden by law (maybe still is) to connect govt IT processing systems to public networks, so all kinds of the security gateway systems sprawled - in order to allow data exchange without having a networked connection, we made some too back in the day. Heck, for some deployments "they" discussed as appropriate to print out the input on one "shore" of the no-net gap and scan or type it in on the other. And this was even not some secret military, just govt-management stuff ;) //Jim Klimov _______________________________________________ OpenIndiana-discuss mailing list [email protected] http://openindiana.org/mailman/listinfo/openindiana-discuss
