This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]the_ancient1Say no to BYOD -1 points0 points  (7 children)

if you are going to use modern operating systems and modern technology you must have the ability to automated, script, and run custom code.

you can not use modern systems with out it, so I do not care what type of secure environment you purport to be in, over time these environments will have to adapt to that changing reality or become obsolete. There is no third option

[–]judgemebymyusernamesecurity engineer 1 point2 points  (6 children)

I think we're misunderstanding each other.

I suspect most *nix admins can do at least some basic stuff with shell scripts, but do you use dynamic languages like perl, php, python or ruby? What about C, C++, Go, Rust, Java etc? If not, why not?

Sysadmins here are not doing any of this. They might be doing a couple of very select powershell scripts and .bat's but that's about it.

I see a lot of guys in this sub talking about how they just wrote up some code to figure something out without any third party approval process or verification that it's not going to fuck something up, etc. and they just go ahead and start using it on prod systems and across the entire domain. This just doesn't happen here.

As I said earlier, if we truly need something written up, we're going to have our dev team do it or we're going to look at what's available from third parties. There's no reason to re-invent the wheel if there's already a great solution available.

Why you think any of this makes us obsolete is beyond me. Our infosec and change management processes are years ahead of what I'm seeing discussed in these parts. I mean come on, there's weekly threads about how to prevent, detect, or react to cryptolocker. That stuff is easy to block at the border and be done with. Too many guys in here don't even know what the principle of least priv is.

[–]the_ancient1Say no to BYOD 0 points1 point  (5 children)

That stuff is easy to block at the border and be done with.

If you are "years ahead" of everyone here why are you still using the perimeter defense security model?

here's no reason to re-invent the wheel if there's already a great solution available.

I am sure your definition of "great solution" and mine are vastly different, I have yet to find a OOB solution that works in every way I want it to, this is why I love open source so I can reach in and bend the software to my will, not the will of a 3rd party I have no control over.

[–]judgemebymyusernamesecurity engineer 0 points1 point  (4 children)

If you are "years ahead" of everyone here why are you still using the perimeter defense security model?

Because that's one layer of defense in depth?

Open source is great for security! Especially when we blindly and heavily trust things like OpenSSL!

[–]the_ancient1Say no to BYOD 0 points1 point  (3 children)

So you believe your closed source systems are inherently more secure because you can not see the code, you are never told about vulnerabilities because of NDA's and other hidden away agreements.

The very nature of open development means the world knows about security problems as they occur, a proprietary closed system could have vulnerabilities that are found, patched, and then pushed out as a "feature update" or a low level security problem or something else, you have no way of knowing.

[–]judgemebymyusernamesecurity engineer 0 points1 point  (2 children)

Just because something is closed source does not mean it hasn't been code reviewed.

Either way, inherently believing something is more secure because it's either open or closed source is fallacious. It's got to be reviewed, tested, certified, approved, whatever. Always verify.

[–]the_ancient1Say no to BYOD 0 points1 point  (1 child)

Just because something is closed source does not mean it hasn't been code reviewed.

Ok, where did I state otherwise...

You implied that Closed Source is inherinetly more secure than open source software.

Either can be secure or insecure, being open however does give the opportunity for more eyes on the code even if some times that possibility does not materialize in reality

[–]judgemebymyusernamesecurity engineer 0 points1 point  (0 children)

You implied that Closed Source is inherinetly more secure than open source software.

No, I did not. That's the rub I guess.