Security Basics mailing list archives

RE: A new concept for security management?


From: "Keenan Smith" <kc_smith () clark net>
Date: Mon, 2 Jun 2003 02:09:26 -0400

Thanks for that answer and all the other good information from everyone.

I'm coming to the conclusion that one of the following 3 things is true:

1.  I wasn't clear about what my client wants
2.  What he wants doesn't exist
3.  What he wants doesn't exist because it can't or if it did, it would be
too hard/expensive to manage

I don't believe that 3 is true, so that leaves either 1 or 2.

My client doesn't want to invest in the cost of securing his network (where
have I heard THAT before?!?!) or the cost/effort of maintaining that
security.  Yes, just as most clients, he wants everything without having to
pay for any of it.  That aside, what my client wants, as best as I
understand it, is VPN access to an existing, secure network.  All access to
the outside world would be via that network.  This means that the only thing
that has to run on the client machines is the VPN client, everything else
would be handled by the network.  That way, all the standard security stuff
would be available, without the pain or cost of handling it himself.

Obviously, a typical network in a typical company would not allow an unknown
user to connect to their backend network, but I thought that there might be
a service of some sort that supplies that type of function.  Based on what
I've taken from this list and other research that I've done, something like
I describe doesn't exist, at least as a service that could be purchased.

I suppose the question is now, why not?  It seemed like a good idea when my
client asked me about it.  Am I missing something or did I just drink too
much last night?

Thanks all.
KC Smith



-----Original Message-----
From: Chris Berry [mailto:compjma () hotmail com]
Sent: Friday, May 30, 2003 5:48 PM
To: security-basics () securityfocus com
Subject: Re: A new concept for security management?


From: "Keenan Smith" <kc_smith () clark net>
I've been contracted to build the infrastructure, as it were, for a small
company.

Right now, they've got a single computer hooked up to a cable modem.  No
security and little LAN functionality.

They want to add 5 computers, for a total of 6 and network them together,
all having access to the Internet.

Not a big problem, if they had an IT staff or even any technical ability at
all.  However, these folks are newbies to technology and can't afford to
hire anybody to manage it for them.  Creating a LAN is no problem.  A
bare-bones firewall or Linksys-type router to provide NAT functionality and
they're off and running.  What they'd still be missing is active security.

So I started looking around at the MSSPs (Managed Security Service Provider)
as a possible security solution.  My thought was that I could create a
bare-bones LAN for the company and let an MSSP provide the security.

However, after researching MSSPs for a while, they all seem to provide the
same basic function: they manage/monitor your network and security devices.
That implies that the company would have to buy a firewall, intrusion
detection of some sort and a virus scanner before an MSSP could come into
play.

My question is this:  is there an MSSP (or some other acronym) that provides
security as a service?  My thought is to provide a secure tunnel from this
company's LAN to a remote LAN.  The remote LAN would be secure and managed
and provide that service for a monthly fee.

Is there anything like that out there or am I stuck trying to sell a
complete security solution of some sort to this company?

Thanks in advance for any help.

Well, there are three (four) things that are ABSOLUTELY necessary:
1) Anti-Virus software with auto-updating (assuming Windows boxes).  I
recommend Norton Corporate.
2) Firewall protection.  I'd say the IPCOP package is probably about as easy
as it's going to get; even a totally clueless person can run the updates.
3) Backups.  Show them how to use Zipcentral, and Nero with a CD-ROM burner.
4) Auto-updating OS patches.  For MS, set up the auto-update feature; for
Linux, it depends on the distro; for example, on Mandrake make a cron job that
runs urpmi.

This will take care of 95% of their needs nearly automatically.  I take care
of two companies, one of which only has five employees, and they're using
that exact setup.  I almost never have to do anything for them; the manager
there can handle it (and he's not super technical or anything).  I'd also
recommend that you use the IPCOP box to set up a VPN, and get them some kind
of consultant for on-call support; he can then use VNC over the VPN to do
any remote fixing they need.  This is obviously not the only (and maybe not
even the best) solution, but it's very cheap, and pretty effective.

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"All I want is a few minutes alone with the source code for the universe and
a quick recompile."
