Remember we are talking about classified intelligence systems and large IT organization infrastructure (Google, Yahoo, Apple) here (in the original Supermicro post).
That would be information whose unauthorized disclosure would cause grave or exceptional grave harm (definition of secret and top secret) to the National Security of the United States. Seems like that warrants a default deny all (which is DoD and NSA policy). I would argue that ANY datacenter server should be protected that way unless it is intended to be publicly accessible. Steven Naslund >To be fair, the idea that your security costs shouldn't outweigh >potential harm really shouldn't be controversial. You don't spend a >billion dollars to protect a million dollars worth of product. > >That's hardly trolling.
