Security Basics mailing list archives
RE: A new concept for security management?
From: "Chris Berry" <compjma () hotmail com>
Date: Mon, 02 Jun 2003 18:27:10 -0700
From: "Keenan Smith" <kc_smith () clark net> Thanks for that answer and all the other good information from everyone. I'm coming to the conclusion that one of the following 3 things is true: 1. I wasn't clear about what my client wants 2. What he wants doesn't exist 3. What he wants doesn't exist because it can't or if it did, it would be too hard/expensive to manage I don't believe that 3 is true, so that leaves either 1 or 2. My client doesn't want to invest in the cost of securing his network (where have I heard THAT before?!?!) or the cost/effort of maintaining that security. Yes, just as most clients, he wants everything without having to pay for any of it. That aside, what my client wants, as best as I understand it, is VPN access to an existing, secure network. All access tothe outside world would be via that network. This means that the only thingthat has to run on the client machines is the VPN client, everything else would be handled by the network. That way, all the standard security stuff would be available, without the pain or cost of handling it himself.Obviously, a typical network in a typical company would not allow an unknownuser to connect to their backend network, but I thought that there might be a service of some sort that supplies that type of function. Based on what I've taken from this list and other research that I've done, something like I describe doesn't exist, at least as a service that could be purchased. I suppose the question is now, why not? It seemed like a good idea when my client asked me about it. Am I missing something or did I just drink too much last night?
I've never heard of a service like that. I can think of several reasons why it probably wouldn't be a good idea:
1) It would be slow2) The clients workstations would not be secured, therefore the network they connect to would have a vulnerability. (and a fairly serious one at that)
3) It would cost too much. Basically you're just going to have to tell them:1) Security is not FREE, the goal is to minimize expenses, not eliminate them. 2) You can manage your own security, or someone else can do it, but having no one do it is not an answer. 3) Even if you set them up with perfect security today, it will need updating by someone knowledgeable at least monthly (and that's pushing it).
If they can't understand all that, then recommend that they cut their internet connection, that's about the only way to be reasonably secure through isolation these days.
Chris Berry compjma () hotmail com Systems Administrator JM Associates"All I want is a few minutes alone with the source code for the universe and a quick recompile."
_________________________________________________________________Protect your PC - get McAfee.com VirusScan Online http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Re: A new concept for security management? Chris Berry (Jun 01)
- RE: A new concept for security management? Keenan Smith (Jun 02)
- Re: A new concept for security management? Anders Reed Mohn (Jun 10)
- <Possible follow-ups>
- RE: A new concept for security management? sanjay . patel (Jun 01)
- RE: A new concept for security management? Roland (Jun 02)
- RE: A new concept for security management? Chris Berry (Jun 03)
- RE: A new concept for security management? Keenan Smith (Jun 02)