Re: [tlug] linux@example.com How many widely can we do that?

["Stephen J. Turnbull" <stephen@example.com>]

vanzaj writes:

 > I'm not sure if it's because I'm a foreigner or our IT are really
 > clueless,

If you're in Japan, I'm afraid that your IT is probably poorly trained
and clueless.  My own university's IT policy is wrong-headed and
insecure, there are lots of posters saying "use virus checkers, don't
use Winnie" but no audits for open or weakly encrypted wireless.  The
central computing policy committee's rules allow SSH, TLS services,
and IPSec through the firewall to any machine.  So there's no way for
them to know what services are being provided by inside machines on
ports 22, 443, etc without actually examining the machines.  Yes, that
goes for dynamic IPs, as well, at least in my own department.
Obviously we've had no success in hiring security expertise.

On the educational side, we have a couple of faculty who bill
themselves as security specialists, but they don't publish any papers
(and I don't think it's because that would bring them to the
unfavorable attention of the US CIA).  The students I've talked to
don't even really know there's a whole field of security.  It's not
taught as a speciality though there are some courses in specialized
stuff like digital steganography (I think the faculty are just hiding
their porn in collections of ukiyo-e) and new cryptosystems.

So my guess would be that if companies have any decent security
people, they have to train them up themselves.