I understand that security's important. I really do. However, other than because I know that most security people are fairly clueless, I just don't get a lot of the restrictions they put in place.
For instance, with UNIX systems, they generally come with tools to help you diagnose network problems. In Linux's case, this is tcpdump. Unfortunately, our security people say, "you can't install tcpdump on systems on our networks". I mean, yeah, tcpdump is a packet-sniffer. But, in a fully-switched network, it's really not the potential avenue for abuse that it was on non-switched networks (so, this is a security requirement that's nearly two decades out of date). What makes it really silly is, Linux comes with a software firewall. In fact, our security geniuses require its use. However, I can configure that firewall software to grab and log all network traffic that comes across the system's network connection. In other words, I can still get all of the tcpdump-type info, I just have to enable logging. The data's a bit less well organized, but I still have the data. So, is there REALLY any security advantage in denying me a good tool like tcpdump? All it does is make my life as a system's administrator harder and have does nothing to create the type of data-protection that the policy probably intends to do.
But, most security people don't really understand the systems they're "securing", so... There you have it.
Still: bite me.
No comments:
Post a Comment