> From: Bill Bogstad [mailto:[email protected]] > > I would say it should also depend on your threat model. If you truly > only care about total outsiders then providing external DNS and IPs is > simply a matter of making your security consultant more efficient. > To the extent that you care about the possibility of disgruntled > ex-employees, you should consider providing more information. > Perhaps even going beyond network maps to include OS versions, real > names & login names of system administrators, employee directories, > etc. I would argue that since you probably have internal controls on > employee access in place, you don't completely trust employees even > while they are working for you. Do you trust them more when they are > let go?
+1 _______________________________________________ Discuss mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
