is not necessarily only a MS Windows-caused phenomenon. Not that Redmond is w/o a hand in this; do you recall the "network is the computer" version of The Road Ahead before it was revised to embrace the Internet?
Unfortunately, I have seen several sites have to resort to this default open policy because they do not have an accurate inventory of all the client-server systems that are used on their network. Coupled with a lack of support from upper mgmt for security before convenience, many IT depts cannot politically afford to stop IT operations with a deny:all and then wait for the hollering. Particularly in research, academic and healthcare institutions where the power of the wallet is distributed to the department-level, and the prevailing culture is "I know best"... there are often rogue systems that qualify as legacy because they pre-date (and probably were directly caused by) any meaningful centralized IT support, let alone a strong focus on infosec/IA.