Firewall Wizards mailing list archives
Re: Too Paranoid?
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Sun, 29 Sep 2002 13:24:47 -0400 (EDT)
Even with this system cordoned off to the DMZ, is this not where the lawyers come into play to establish a responsibility clause in the SLA, such that any loss or expense incurred due to a compromise of the server they maintain on your DMZ, or of their system/network, that causes such loss and expense to you due to a compromise is their responsibility financially to cover, perhaps with additional penalties under such circumstances?

Thanks,

Ron DuFresne

On Sun, 29 Sep 2002, James Triplett wrote:
> There are two sides to this question: technical and political. On the technical side, there may be ways (DMZ net, etc.) to control the exposure. But I think the most important thing here has to do with policies (i.e., politics).
>
> You are responsible for the security of your network. ANY vendor who wants to put equipment on that network, no matter how big and impressive (my bet here is we're talking about ADP), must be willing to demonstrate to your satisfaction that their system is secure. Only by pushing back can we force these behemoths to take security seriously.
>
> We all know that a single unsecured port is all it takes. Even worse if that port is passing https, which means you can't observe what's going on over that port.
>
> Stick to your guns!
>
> ----james
>
>> Hi,
>>
>> I have a particular situation at work, and I wonder if I'm being *too* paranoid. I'll only be able to discuss the situation in somewhat vague terms because of a non-disclosure agreement.
>>
>> A vendor wants to install a system on our LAN that uses a MS-Win2k server. This server is completely a turn-key system. We don't touch it. Proprietary server software runs on this server, and proprietary software to talk to the server runs on one or more MS-Win desktops. They use ActiveX controls. The server, in turn, must communicate through my firewall, using HTTPS, to multiple servers on the Internet which are, in turn, under the control of yet *other* entities.
>>
>> Now all this makes me nervous enough in the first place. We have no
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () honor icsalabs com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart
testing, only testing, and damn good at it too!
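The thread's technical point is that a turn-key box you cannot inspect should be cordoned off in a DMZ, allowed to reach only the vendor's documented HTTPS endpoints, and watched for anything else (since you cannot see inside the HTTPS itself, the destinations and ports are what you can still control). The following is an added example written for this archive page, not code from any of the posters: it renders a deny-by-default egress policy for the vendor host in iptables syntax and audits netfilter LOG lines from a log-only phase (before the DROP is enabled) for flows outside that policy. The DMZ address, the internal LAN range, the allow-list and the log lines are all constructed.

```python
"""Egress control and log audit for a vendor-managed host in a DMZ.

Added example for this thread; it is not code from any poster. It shows the
two halves of cordoning off a turn-key box: a deny-by-default egress policy
that admits only the vendor's documented HTTPS endpoints, and a check over
firewall log lines that flags every other outbound attempt. All addresses,
the allow-list and the log lines are constructed.
"""
import ipaddress
import re
from dataclasses import dataclass

VENDOR_HOST = ipaddress.ip_address("10.10.5.20")          # constructed DMZ address
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/16")]      # constructed LAN range

# Constructed allow-list: the endpoints the vendor documented, TCP/443 only.
ALLOWED_EGRESS = {
    (ipaddress.ip_address("198.51.100.10"), 443),
    (ipaddress.ip_address("198.51.100.11"), 443),
    (ipaddress.ip_address("203.0.113.7"), 443),
}

# The fields of a netfilter LOG line that the audit needs.
LOG_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=(?P<proto>\S+) "
    r"SPT=\d+ DPT=(?P<dpt>\d+)"
)


@dataclass(frozen=True)
class Finding:
    line_no: int
    dst: str
    dpt: int
    reason: str


def render_rules():
    """Deny-by-default FORWARD rules for the vendor host (iptables syntax)."""
    rules = []
    for dst, port in sorted(ALLOWED_EGRESS, key=lambda t: (int(t[0]), t[1])):
        rules.append(
            f"iptables -A FORWARD -s {VENDOR_HOST} -d {dst} -p tcp --dport {port} "
            f"-m conntrack --ctstate NEW -j ACCEPT"
        )
    # Everything else from the host is logged, then dropped.
    rules.append(f'iptables -A FORWARD -s {VENDOR_HOST} -j LOG --log-prefix "DMZ-OUT: "')
    rules.append(f"iptables -A FORWARD -s {VENDOR_HOST} -j DROP")
    return rules


def classify(src, dst, proto, dpt):
    """Return None if the flow is permitted, otherwise a short reason."""
    if src != VENDOR_HOST:
        return None                       # not the host under watch
    if any(dst in net for net in INTERNAL_NETS):
        return "DMZ host reaching into the internal LAN"
    if proto != "TCP":
        return f"non-TCP egress ({proto})"
    if (dst, dpt) in ALLOWED_EGRESS:
        return None
    if dpt == 443:
        return "HTTPS to an undocumented destination"
    return f"egress on unexpected port {dpt}"


def audit(lines):
    """Run classify() over LOG lines; returns the list of Findings."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.search(line)
        if not m:
            continue                      # not a netfilter LOG line
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue                      # malformed address field
        reason = classify(src, dst, m["proto"], int(m["dpt"]))
        if reason:
            findings.append(Finding(n, str(dst), int(m["dpt"]), reason))
    return findings


# Constructed log lines, as a log-everything rule would emit them before
# the DROP above is switched on (line 1 is the only permitted flow).
SAMPLE_LOG = [
    "Sep 29 13:10:01 fw kernel: DMZ-OUT: IN=eth1 OUT=eth0 SRC=10.10.5.20 DST=198.51.100.10 LEN=60 PROTO=TCP SPT=41022 DPT=443 SYN",
    "Sep 29 13:10:05 fw kernel: DMZ-OUT: IN=eth1 OUT=eth0 SRC=10.10.5.20 DST=192.0.2.44 LEN=60 PROTO=TCP SPT=41023 DPT=443 SYN",
    "Sep 29 13:11:17 fw kernel: DMZ-OUT: IN=eth1 OUT=eth0 SRC=10.10.5.20 DST=203.0.113.7 LEN=60 PROTO=TCP SPT=41030 DPT=80 SYN",
    "Sep 29 13:12:40 fw kernel: DMZ-OUT: IN=eth1 OUT=eth2 SRC=10.10.5.20 DST=10.0.0.15 LEN=60 PROTO=TCP SPT=41031 DPT=445 SYN",
    "Sep 29 13:13:02 fw kernel: DMZ-OUT: IN=eth1 OUT=eth0 SRC=10.10.5.20 DST=198.51.100.11 LEN=84 PROTO=UDP SPT=5353 DPT=5353",
    "Sep 29 13:13:30 fw kernel: DMZ-OUT: IN=eth1 OUT=eth0 SRC=10.10.5.21 DST=192.0.2.44 LEN=60 PROTO=TCP SPT=50000 DPT=443 SYN",
]

if __name__ == "__main__":
    print("\n".join(render_rules()))
    for f in audit(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.dst}:{f.dpt} -> {f.reason}")
```

The allow-list is keyed on (destination, port) pairs rather than on destination alone, so an undocumented port on a known vendor host is still flagged, and any flow back into the internal LAN is reported before the protocol or port is even considered. Running the audit over a log-only period first gives you the list of destinations the vendor never told you about, which is the evidence to take into the SLA discussion.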
Current thread:
- Too Paranoid? Jim Seymour (Sep 29)
- Re: Too Paranoid? Paul D. Robertson (Sep 29)
- Re: Too Paranoid? James Triplett (Sep 29)
- Re: Too Paranoid? R. DuFresne (Sep 29)
- Re: Too Paranoid? Dave Piscitello (Sep 29)
- Re: Too Paranoid? Frederick M Avolio (Sep 29)
- Re: Too Paranoid? Dave Piscitello (Sep 29)
- Re: Too Paranoid? Bennett Todd (Sep 30)
- Re: Too Paranoid? Adam Shostack (Sep 30)