Date: 05/07/04

    Date: Fri, 07 May 2004 01:27:15 -0400

    --On Thursday, May 06, 2004 6:43 PM -0400 "Marcus J. Ranum" <>

    > But seriously, the idea of an "isolated network" or a
    > "production network" is that you get it right and then
    > you don't F with it. By that definition, Carson's (and all
    > the other financial networks) which are in a constant state
    > of being Fed with - can't be production networks. What
    > they're doing instead is making a business decision that
    > and are willing to pay the price in terms of having
    > lots of highly-paid experts constantly Fing with their
    > machines. I spent my share of time consulting for the
    > stock traders and markets and I know that's how it works. ;)

    And the good financials actually have real numbers to back up that business
    decision. Flexibility and low time to market yields big dollars.

    On the other hand, they also know that they have to spend real dollars on
    security, because the cheap, easy solutions don't work well for them. They
    also have real dollar cost numbers on viruses and worms. All the non-stupid
    ones I've worked for have had excellent patch management (buy me a beer and
    I'll talk about the others ;-) ). This time, however, it was a choice
    between known server instability and possible worm. Management made a risk
    decision to escalate with MS support and wait for a better patch. Sadly,
    the worm came before the fixed patch did. Via a laptop, by the way.

    Of course, these days I'm mostly herding Linux kernels for a living (love
    that economy...), so I'm less informed on the inner workings of my current
    employer's security risk analysis.

