Comments on TaoSecurity Blog: Thoughts on Air Force Blocking Internet Access
Richard Bejtlich (feed updated 2023-10-16T06:06:25.012-04:00)

Anonymous, 2009-02-19T17:45:00.000-05:00:
From the linked article: "Network administrators at Air Force bases already put strict limitations on what sites their troops can and cannot visit. Many airmen can't access Danger Room, for example — or any site with the word "blog" in the URL. That's in addition to Defense Department-wide bans on YouTube, MySpace and other social networking sites."

So they are going to defend against malicious websites with network based security mechanisms? That should work well.

Anonymous, 2009-02-19T13:00:00.000-05:00:
So I just asked some people what the deal was here - and the answer is disappointing. The network was cut off because it wasn't using Websense. In true bureaucratic fashion an auditor looked at his checklist, noticed a missing check-mark, and things snowballed from there.

Now just because a network is not using Websense doesn't make it insecure. In fact, the comm folk at Maxwell were using a different product to provide the same functionality. But since it didn't say "Websense" it was obviously bad...

*sigh*

mubix, 2009-02-19T12:01:00.000-05:00:
Applying consequences for lack of compliance is one of those fundamental sociological constructs that for some reason hasn't fully made its way into the security realm.

But applying those 5 steps is usually 'too much work' to be applied by management.

The other problem is #2. Having good documentation of the network is rarely seen in experiences.