Re: Calling David Copeland regarding .local convention

From: Jeff L (newsgroupsremoveandunderscore_jeff_at_availabletech.net)
Date: 05/31/04


Date: Mon, 31 May 2004 01:27:58 -0400

Cover your *** against blame is an interesting approach to security and
protection. I prefer a best practices approach which includes both the
proper naming convention and documentation. Do you agree?

Unfortunately, the clients who are least willing to pay for documentation
are also most willing to take shortcuts and try it on their own. I think we
both agree to stay away from those clients, especially if they are
lawyers...

Jeff Loucks
       Available Technology ®
            Solutions For Professionals ®
                  www.availabletechnology.com

"Gordon Fecyk" <gordonf@pan-am.ca> wrote in message
news:#nntrQFREHA.1340@TK2MSFTNGP12.phx.gbl...
> > The in house admin wants to set up an intranet
> > site but has problems resolving the name through DNS (Give me a little
> > leeway here: consider the admin is relatively inexperienced [a fresh MCSE]).
>
> Don't they teach firewalls in MCSE courses? :-)
>
> > They
> > make some changes to DNS and the firewall while
> > trying to get their intranet
> > site to resolve in a timely manner.
>
> ...while forgetting the bottleneck could be in IIS instead, or (if a secure
> intranet site) forgetting to install the company CA certificate on the
> client machine... don't they teach this in MCSE school too?
>
> I guess I'm trying to say that inexperience isn't an excuse for reading and
> testing and asking questions. I learn new stuff all the time but I try to
> learn from other people's mistakes first. And I test. And I test, and I
> test, and I test.
>
> > They fail to consider the broader picture and have
> > made a "few extra clicks"
> > in their trial and error approach to administration.
>
> He's going to learn the hard way, or hopefully hire a new consultant. And,
> the first consultant should've been nailed for not documenting their work.
>
> Some have even argued that Windows and its designers encourage
> trial-and-error administration to the point of negligence. But this will
> digress into a Windows/Linux flamewar (or a Linux/Windows flamewar from a
> Linux admin's viewpoint) so I'll stop. :-)
>
> > My questions are:
> > 1) How do you feel about their security now?
>
> How do I feel? If I was told this by the client (the internal admin) I'd no
> doubt have questions, and then point out why what they've done is a Bad
> Idea, and I'd be frustrated. But it's their equipment, and that's hard to
> remember sometimes.
>
> If the previous consultant had any smarts he'd have documented everything
> for their client, and hopefully the client would be smart enough to read
> what they've paid for first.
>
> > 2) Who do you think the internal admin is going to blame three months
> > later when they get hacked?
>
> People can get threatened with lawsuits at this point. If I were the first
> consultant and I was blamed for "client error," I'd hope I'd have a chance
> to fix it and then explain what really happened. Barring that, I'd have the
> documentation I wrote demonstrating that I'm not an idiot. The lawyers can
> take over from there.
>
> People have a tendency to blame others before blaming themselves - that's
> just natural. So for sure, this admin is probably going to blame their last
> consultant. That's where the documentation helps.
>
> Besides, whether someone gets hacked or 0wnzd or not, has little bearing on
> what name space their internal AD domain uses, because "h4x0rz" do stuff by
> IP addresses. I think this leads to the answer to this:
>
> > 3) What is the difference between the situation if they have
> > .com?
> > .local?
> > .lan?
> > .otl?
>
> ...which is "none," because the name space is irrelevant to "k1dd13z"
> looking for network addresses. It has relevance to internal access to
> external Internet sites if you mess with an existing name space without
> registering a name in it, but that's another problem.
>
> I walk the walk, by the way. Besides, I get paid to write documentation as
> well as work on the systems. It's in a good consultant's best interest to
> leave a paper trail for their own reference, as well as for the client, the
> other consultants, and the lawyers.
>
> --
> PGP key (0x0AFA039E): <http://www.pan-am.ca/consulting@pan-am.ca.asc>
> What's a PGP Key? See <http://www.pan-am.ca/free.html>
> GOD BLESS AMER, er, THE INTERNET. <http://vmyths.com/rant.cfm?id=401&page=4>
>
>