Management vs. IT staff (was: Re: IPS vs. Firewalls)

["Patrick M. Hausen" <hausen () punkt de>]

Hi, all!

On Thu, Feb 02, 2006 at 07:00:08PM +0300, ArkanoiD wrote:

> IPS can be (and are being) successfully evaded by fragmentation attacks.
> Even worse, signature-based approach is flawed anyways. Internet protocol
> security relies on managing data flow, not on trying to find "attacks" in it.
> There is zillion ways to do bad things and no IPS can handle it.
>
> (I'd even say that anyone who seriously claim that IPS can replace firewall
> is stupid moron with lack of understanding even security basics, and if
> those people are allowed to make technical decisions your company has damn
> big management problems)

Now, what a clever marketing pull to call these devices
"Intrusion Prevention Systems", wasn't it?

They prevent intrusions, don't they? No, I'm not blaming any
CEO for not knowing better - with the notable exception of
the CEOs of companies selling IT security products or
services. Even VPs of IT or whatever they may be called
need not know much technical detail if the company is big
enough to justify several levels of management hierarchy.

But I do blame CEOs for making decisions on certain products
a "strategic" issue and part of their domain at all!

IMHO this is one of the main reasons for many bad products in
the field. Remember MS ads: "The network that doesn't need an admin ..."
Stuff like that makes me want to bang my head against a wall.

I'm not old enough to have real experience here, but my impression
is that in-house expertise and knowledgeable employees were
valued much higher 20 years ago than they are now.

Current management schools seem to focus on "processes" and
"standard products" with the explicit goal of making
employess replaceable. Once the processes are perfect,
you might as well hire monkeys for the job.

There seems to be a deep distrust in the people that run the
IT departments and their opinions on technical subjects.
In jumps salesrep of $VENDOR claiming "Box XY will solve
all your problems automatically and think of all the
money to save, when you are not dependent on expensive
expert workers anymore".

IMNSHO specifically investing in human beings instead of
products is the only way to save us in the long run.
Not only in IT security, but many of the problems we are
facing today in Western European societies are (again IMHO)
a direct result of preferring automation and fancy technology
over people. Politicians and managers alike seem to have a
big fear of relying on somebody.

Make the streets safer? Don't buy surveillance cameras and
face recognition software - hire more intelligent and
motivated cops and treat and pay them well enough to
stay motivated and not prone to bribing.
Problems with public education? Use computers
at elementary school? Bull! Hire motivated teachers.

'nuff said.

Kind regards,

Patrick M. Hausen
Leiter Netzwerke und Sicherheit
-- 
punkt.de GmbH         Internet - Dienstleistungen - Beratung
Vorholzstr. 25        Tel. 0721 9109 -0 Fax: -100
76137 Karlsruhe       http://punkt.de
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards