http://www.innismir.net/article/403 Pointless, vapid ramblings of a surly information security engineer Wed, 28 Apr 2010 01:48:42 +0000 hourly 1 http://wordpress.org/?v=3.0 http://www.innismir.net/article/403/comment-page-1#comment-191 Jim Wed, 02 Dec 2009 00:42:50 +0000 http://www.innismir.net/?p=403#comment-191 I agree with much of what you're saying, however. When an admin is negligent when setting up a server, does not follow documented procedures, unloads security software, etc and gets compromised, that admin (in my oh so humble opinion) takes on the largest part of the blame. Yes, we should have layers of security and those layers hopefully/should block the bad guys before they get to the server. But the admin is responsible for their own actions, or lack there of. If our security layers are not maintained or misconfigured and the threat because of that, then we bare the brunt of the blame. This does not excuse the person opening the unlocked car door and stealing the stuff we foolishly left in the car. I agree with much of what you’re saying, however. When an admin is negligent when setting up a server, does not follow documented procedures, unloads security software, etc and gets compromised, that admin (in my oh so humble opinion) takes on the largest part of the blame. Yes, we should have layers of security and those layers hopefully/should block the bad guys before they get to the server. But the admin is responsible for their own actions, or lack there of. If our security layers are not maintained or misconfigured and the threat because of that, then we bare the brunt of the blame. This does not excuse the person opening the unlocked car door and stealing the stuff we foolishly left in the car.

]]>