Comments on: Feds scramble to meet data breach deadline

Deadline for federal agencies' policies for dealing with data breaches approaches and it's not yet clear whether everyone will be done in time.

[weegg]

blind and incompetent

The federal gov't. Enough said!

[ralfthedog]

How to do network security.

1. Do not use windows or OS-X for your servers. If you want to be secure you MUST run servers on an OSS operating system, you MUST be able to do a custom compile.

2. Figure out the smallest number of services you can run on your servers. Compile a version of the OS that only has those services.

Do not install any outside software if there is any way to avoid it. It is very important to start at 0 and add stuff, not start with stuff and remove what you don't need.

3. Test this configuration. If your client software breaks because you left something off, try to get around using the client software. Adding things back to the server should be a painful last resort.

4. Train everyone. The most likely place for a breach is not your computers, but the people who use them. Test them on policy. Make sure they know what to do, and make sure they do it.

Let people know that if they make a mistake, they are not in trouble as long as they let you know right away. Everyone makes mistakes.

[Hardrada]

Security and HDD Encryption

Simple. If you use the products from Utimaco, specifically SafeGuard easy and Lenovo laptops, (which the gov't already does) you simply use the fingerprint reader only (risky) and implement the password for the admins only. No users can login without the fingerprint reader.

Done.