RE: Small ISP/ASP security concerns

From: Bruce Fowler (bfowler_at_hvp.com.au)
Date: 07/19/01


Nicholas,

From what you have reported, the only justification you could provide would
have to center around risk to their pocket --- or more specifically, risk to
their business survival! And even then, it may take a real-life "event" for
them to take heed of your advice - unfortunately, in the majority of cases, this
will be too late. My advice: if they won't listen, start posting to
securityjobs_at_securityfocus.com - your opportunities in such a naive
environment will be limited, as will likely the life of the company.

Cheers,

Bruce Fowler

-----Original Message-----
From: Nicholas Janzen [mailto:nj_at_third-net.com]
Sent: Thursday, July 19, 2001 5:02 AM
To: security-basics_at_securityfocus.com
Subject: Small ISP/ASP security concerns

The company I work for is a small ISP/ASP.

This company doesn't understand the risks associated with what they are
doing; they constantly come to me to open up their firewall, so the latest
conveniences will work.

I have often shown them how easy it is for hackers to come in and view
what data passes through, as well as how easy it is for me to 'break' into
these servers/desktops.

I value security greatly, at a previous I had been involved in security to
a large degree.

My question is, how can I convince these users that security is more than
just "a job for everyone else"?

Before I started working here they were forced to get a security audit by
a 3rd party. They were able to lie their way around the questions and
therefore passing the audit. This was very bad, because now they have a
false sense of security.

Thanks for your help.

----------------------------------
| Nicholas Janzen |
| Third-Net.Com INC |
| Visit http://www.third-net.com |
| for more information about us |
----------------------------------
