On Mon, 23 Sep 1996, Marcus J. Ranum wrote:
> Minor nitpick: the White house's security is handled by lots
> of people. It's a typical government type scene in which they have
> dozens of cooks in the kitchen, each doing their own thing and nobody
> is answerable to anyone else unless they want to be. Also, at any
> given time, most of the people involved are consultants, who are being
> asked to work gratis, with the promise of future business "down the
> road" or future purchases. Of course, they either never get paid or
> the products never get bought. I believe the guy you know in Texas
> never got paid, and last time I had anything to do with security
> there, much of the software was running on "evaluation" licenses
> because nobody was actually willing to pay people for the work they
> did or the software they provided. A constant ebb and flow of
> consultants resulted, as the smart ones grew disillusioned and left
> and the new ones, lured by white house fairy dust, came in.
>
> There are lots of folks who've handled security in the
> White house and most of 'em, if they were really there, will
> start screaming and pulling their hair out, if you mention the
> topic to them. Anyone you talk to who makes it sound like it was
> exciting, interesting, or state of the art is a liar and a
> charlatan.
Well, I'm gonna have to disagree . While the set of security stuff at my
agency during my tenure that I was involved in didn't involve things like
the Internet, our budget was fair, and we did get quite a bit of "state of
the art" equipment. Old equipment breaks, that wasn't in our gameplan.
I guess exciting depends on your view of the world, I'd say "stressful"
was more apt, but at that time, there was nothing I would have rather been
doing, and it was *definitely* interesting. Most of us weren't doing just
security stuff, and I'm sure our S-2 wasn't having nearly as much fun as
the rest of us (then again, I'm sure their sense of fun was removed at
birth, but damn they were good).
While we got tons of evaluation hardware and software, we also *always*
paid for what we used in production. No exceptions that I was ever aware
of.
As you say, there are a *lot* of different fingers in a *lot* of different
pies (or at least there used to be), and I can think of a few of them who
played by the rules. I can also think of some folks that I'd not want to
work with, and some times when I was glad our charter mostly kept us out
of having to. I'd hazard to guess that you worked mostly with the OA
staff, who get lots of appointees, and have to deal with lots of
appointees, not everyone on The 18 Acres was like that.
We were also answerable to a number of folks. Also most of the people on
our side weren't consultants.
'Course it's been a buncha years since I was there, so my memories are
'enhanced' by time. It also got me out of having to wear a uniform, and
live in the barracks, so that alone made it a great assingment.
Unfortunately, if I got any more specific, I'd have to kill ya ;)
Ob Firewalls: An air gap is still the best defense around, if it's
_that_ important.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
proberts @
clark .
net which may have no basis whatsoever in fact."
PSB#9280
References:
|
|
