Re: Botnets, IRC servers and firewalls?

[Mark Tinberg <mtinberg () securepipe com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 4 Feb 2004, Marcus J. Ranum wrote:

> Chris Blask wrote:
> > Don't ask me exactly how to tell them "effectively"
>
> It involves a cattle prod or one of those dog-training shock collars.  ;)

I'm no expert, but it seems to me that if the technical staff is
implementing a policy of passive resistance after you, as a consultant,
leave then getting buy-in by the CIO or CTO is not enough.  This appears
to be the most difficult part of the problem.  I think that the examples
given so far also show that the top-down approach of "do it my way because
I know better" is not effective in the long term, the only way that you
are going to increase the computer security of an organization is if
across the board the technical staff are with you and they _WANT_ to do it
of their own volition.

- -- 
Mark Tinberg <MTinberg () securepipe com>
Network Security Engineer, SecurePipe Inc.
New Key fingerprint = FAEF 15E4 FEB3 08E8 66D5  A1A1 16EE C5E4 E523 6C67
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/

iD8DBQFAIq76Fu7F5OUjbGcRAoTNAJsFtbfzcpQMDouRnLc8pS1D4lu//ACgxCNM
1JCWfzt1waSilRSt53xwrcI=
=qANL
-----END PGP SIGNATURE-----
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards