[AusNOG] Aus Industry Congratulations Email

Robert Hudson hudrob at gmail.com
Tue Sep 6 10:07:57 EST 2016


On 6 Sep 2016 8:58 AM, "paul+ausnog at oxygennetworks.com.au" <
paul+ausnog at oxygennetworks.com.au> wrote:
>
> Are you serious Robert ?

Very much so.

> The lowest grant is $10k from what I could see, $10k will be a pretty
decent populated NAS from the ones I have seen lately, jeeze you can buy an
entry level HP San with a couple of 10G cards for servers and a couple of
TB of storage as well for $20-$25k, I mean seriously, this is just data
storage, it just needs a decent NAS with redundancy, you don’t even need
encryption on the device.

You really think that?

This is sensitive data. This data requires that it is reliably stored in a
resilient fashion and in a manner where the integrity of the data is
protected - think "CIA" from an information security perspective.

At a minimum, I would expect multiple copies of the data in secure
physically separate locations (to guarantee confidentiality and
availability), stored in a WORM fashion (to ensure integrity).

To fail to provide this is to fail in the duty of care.
>
> Good on the people who have been legitimate in their requests, they
should be applauded for being honest in their requirements, and realistic.

I agree. I have concerns that the low-end figures aren't actually enough to
do this to a base acceptable level.
>
> We submitted our DRIP which was then approved and we said that we will
control access to data with username and password and encrypt any backups
of the data as well, they were happy with that.

There is detail to that implementation plan that determines whether it is
appropriate - I am not saying yours is not, but given some of the security
advice thay has come out of fed govt departments in recent times, I wonder
how good the AGs Dept has been at judging this themselves.
>
>
>
> Personally I think people have taken this whole thing out of context
because it was so grey in its delivery so everybody has just gone crazy
with buying everything they need to upgrade their network or do everything
they possibly can to retain that information to be 110% sure they are
complying with something that nobody can really be sure about, not to
mention how much people will probably spend on lawyers to cover their arses.

I am sure that is the case in many circumstances. But in some cases, it
looks like the solution is very much being gold plated.
>
>
>
> We are relatively small but do quite a few different things, we have an
approved drip with some pretty simple stuff in it, more or less it’s to
store our radius logs, mail logs, CDR’s and a few other bits and pieces,
they even rejected our storing of customer changes in our customer
portal/CRM as they said that it wasn’t a relevant service/not needed, and
it even says that you need to retain changes to credit cards, addresses,
etc for accounts in the policy so I don’t know what that was about but I
have an approved document which says I don’t need to do it and as far as
I’m concerned that’s all that matters.
>
>
>
> I personally really can’t see how some people could possibly be
legitimately spending or needing to spend the type of money they have been
granted based on our approved DRIP.

I think we agree here. :)
>
> One thing I can be sure of though, everybody will have invoices from
somewhere to justify their costs.

The question is whether the people they have to justify it to are
appropiate judges of this. Given the apparent disparity in grant fund
approval, I have concerns here.
>
>
>
> Anybody need some DR Consulting work done ??  LOL

I am sure some people absolutely need this. :)
>
>
>
> Regards
>
> Paul
>
>
>
> From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Robert
Hudson
>
> Sent: Tuesday, 6 September 2016 7:52 AM
> To: Skeeve Stevens
> Cc: <ausnog at lists.ausnog.net>
>
> Subject: Re: [AusNOG] Aus Industry Congratulations Email
>
>
>
> Just over $128m for 180 recipients, or an average or over $700k per
recipient.  A number of the lower-end figures wouldn't purchase a decent
SME NAS with disks in it...
>
>
>
> On 5 September 2016 at 23:33, Skeeve Stevens <
skeeve+ausnog at eintellegonetworks.com> wrote:
>
> All,
>
>
>
> The list:
https://www.ag.gov.au/NationalSecurity/DataRetention/Documents/DRIGP-recipients.pdf
>
>
>
> I am absolutely stunned by this list and how much people asked for - and
got.
>
>
>
> Sure, there are people who needed the money to comply, but I think a lot
of people are taking advantage of the system and should be ashamed of
themselves for how much they asked for.
>
>
>
> Yes, the government did a shit job, but this is community money - needed
for us to comply with a stupid law. Not a slush fund for people to build up
their business.
>
>
>
> Universities - I don't understand. System Integrators - bullshit. VoIP
providers, you are are already logging call details - why do most of you
need anything?
>
> If everyone IT integrator in the country claimed, we'd have over 2k-3k
applicants and no one getting much at all.
>
>
>
> I think a lot of people are buying new networking equipment with these
funds. I am not sure the fund was designed to build the networks of ISPs.
>
>
>
> Some of the massive requests are astounding and begs the question "WHAT
are people buying with it?"
>
>
>
> I think the AG make all the applications public since they've made the
result public. We need context to some of these extremely excessive
allocations.
>
>
>
> There is no jealousy here. There is a dozen of my customers on the list,
but all mostly realistic.
>
>
>
> Those that say we should just move on have no respect for the stewardship
of these resources.
>
>
>
> Bring on the flames.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20160906/4dd0099f/attachment.html>


More information about the AusNOG mailing list