On 12/4/14 11:54 PM, Mark McCullough wrote:> I've met too many senior sysadmins who still espouse the same nonsense about authentication I've seen for years, and it's still wrong. > Security is sufficiently specialized that no sysadmin can be > expected to know more than the basics.
Amen! Thank god someone says it. > The best defense against bad security from a secadmin is the same as > how to defend against bad security from a sysadmin. Education. Teach > the secadmin how the system works, As well as educating all parties involved that it is a sign of strength and quality of person to be willing to admit as well as being able to say "I don't know." and not a negative reflection on the person saying it. I find it a point of pride that I can stand in front of people and say "I don't know enough to do it safely, so I'm turning to [parties] to get it done right." Educating us not just about things we need to know but educating us to recognize and admit to the things we don't know is important. -- << MCT >> Michael C Tiernan. http://www.linkedin.com/in/mtiernan Non Impediti Ratione Cogatationis Women and cats will do as they please, and men and dogs should relax and get used to the idea. -Robert A. Heinlein _______________________________________________ Discuss mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
