Re: [fw-wiz] Worms, Air Gaps and Responsibility

From: Devdas Bhagat (devdas_at_dvb.homelinux.org)
Date: 05/07/04

  • Next message: Paul Van Noord: "Re[2]: [fw-wiz] Worms, Air Gaps and Responsibility" 
    To: firewall-wizards@honor.icsalabs.com
Date: Fri, 7 May 2004 11:42:34 +0530

    On 06/05/04 17:05 -0400, Jim Seymour wrote:
    > Devdas Bhagat <devdas@dvb.homelinux.org> wrote:
    > >
    > > On 06/05/04 10:34 -0400, Paul D. Robertson wrote:
    > [snip]
    > > >
    > > > I understand where you're coming from, I'd just like to see us all make
    > > > more coordinated and extensive efforts to revisit the "connectivity trumps
    > > > all" mantra.
    > > Let me ask a harder question: How do you get the horse to drink?
    > > Connectivity shows profits in the balance ***. Security shows up as
    > > expenses. Lack of downtime does not show up.
    >
    > I don't give management options. Or, more accurately, the only options
    I wish.
    /me ships Jim's management colourful brochures full of snake oil about
    one point management and security. "YOU DO NOT NEED A SKILLED
    ADMINISTRATOR TO RUN THIS POINT AND CLICK SECURITY APPLICATION."
    And slightly less educated management.

    Which brings up the original question, how do you educate this type of
    management?

    > I give them are ones with a level of security with which I'm
    > comfortable. "Comfortable" == I take *personal* ownership of its
    > functionality and its security, 24x7x365. If they should happen to
    > discover, through no fault of my own, there's a "cheaper," less-secure
    > way, and they want to force me to implement it: Fine. I'll do it. But
    > when the wheels fall off (not "if," but "when"): Don't be callin' *me*
    > in the middle of the night, over the weekend, or while I'm on vacation,
    > cryin' about it.
    >
    > >
    > [snip]
    > >
    > > Note that having one cheap administrator dedicated to cleaning up viruses
    > > often works out cheaper than having an antivirus everywhere and kept up
    > > to date.
    > [snip]
    >
    > My work domain isn't all that big, but even *I* can't agree with that.
    Said company currently spends about 800 USD to 1000 USD on maintaining a
    team of 5 people in three round the clock shifts for running a 400+ node
    Windows LAN. Dedicating /one/ of these administrators to cleaning up
    viruses is cheaper than having antivirus everywhere.

    Flip the people/system costs and you will see what I mean. Bodies are
    cheap, systems are not.

    <snip lots of good points>

    Devdas Bhagat
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: Paul Van Noord: "Re[2]: [fw-wiz] Worms, Air Gaps and Responsibility"