SCIENTIFIC-LINUX-USERS Archives

February 2014

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: Nico Kadel-Garcia <[log in to unmask]>
Reply To: Nico Kadel-Garcia <[log in to unmask]>
Date: Sun, 9 Feb 2014 17:37:42 -0500
Content-Type: text/plain
Parts/Attachments: text/plain (42 lines)

On Sun, Feb 9, 2014 at 3:50 PM, Paul Robert Marino <[log in to unmask]> wrote:
> On Sun, Feb 9, 2014 at 10:46 AM, Nico Kadel-Garcia <[log in to unmask]> wrote:

>> It also ties directly to backup. Backup is often ignored, or relegated
>> to an afterthought for critical email systems.
>
> I severely doubt you have never sat across a table from a S.E.C.
> auditor, they usually are very much interested in your backups. As a

SEC auditor, no. The IT department preparing the checklists for SOX
compliance, yes. Being asked to "edit" the data before it was given to
auditors? Lord, yes, and that helped cause professional problems for
me. I refused to lie, and the data was late because I *deleted* the
old accounts, then made a report; I didn't edit old user accounts out
of the report.

> matter of fact they tend to trust tape backups more than the live data
> in the systems because that's usually how they catch people altering
> data after the fact. It's easy to edit the data in your running

And I agree with them. Off-site disk mirroring for disaster recovery
and backup access, and tape backups for Iron Mountain or other
off-site archival. It's too easy to delete data accidentally, as well,
on live mirrors. That's not just an "it can be manipulated" issue,
that's an "it can be accidentally deleted or corrupted" issue. It's
partly why I like replacing local Linux messaging services with GMail
services: they've already done most of the tricky parts.

> servers, but it's far more difficult to edit data on a tape with a well
> documented chain of custody in a timely manner, and as a result it's
> what usually gets overlooked if anyone tries to cover anything up.
> Also SEC auditors will make a public example of you if your backups
> are not in order, because that makes them suspect you are assisting
> someone with covering something up.

But what shows up in the SOX checklist is just that. Boxes on a
checklist. It's often quite fraudulent: just because you have a policy
that says passwords shall not be shared does not mean that a system
architect is not insisting on setting and sending new passwords in
plaintext via email "to make sure they work", despite the explicit
written policy.
