Security Basics mailing list archives

RE: A new concept for security management?


From: "Chris Berry" <compjma () hotmail com>
Date: Mon, 02 Jun 2003 18:27:10 -0700

From: "Keenan Smith" <kc_smith () clark net>
Thanks for that answer and all the other good information from everyone.

I'm coming to the conclusion that one of the following 3 things is true:

1.  I wasn't clear about what my client wants
2.  What he wants doesn't exist
3.  What he wants doesn't exist because it can't or if it did, it would be
too hard/expensive to manage

I don't believe that 3 is true, so that leaves either 1 or 2.

My client doesn't want to invest in the cost of securing his network (where
have I heard THAT before?!?!) or the cost/effort of maintaining that
security.  Yes, just as most clients, he wants everything without having to
pay for any of it.  That aside, what my client wants, as best as I
understand it, is VPN access to an existing, secure network.  All access to
the outside world would be via that network. This means that the only thing
that has to run on the client machines is the VPN client, everything else
would be handled by the network.  That way, all the standard security stuff
would be available, without the pain or cost of handling it himself.

Obviously, a typical network in a typical company would not allow an unknown
user to connect to their backend network, but I thought that there might be
a service of some sort that supplies that type of function.  Based on what
I've taken from this list and other research that I've done, something like
I describe doesn't exist, at least as a service that could be purchased.

I suppose the question is now, why not?  It seemed like a good idea when my
client asked me about it.  Am I missing something or did I just drink too
much last night?

I've never heard of a service like that. I can think of several reasons why it probably wouldn't be a good idea:

1) It would be slow
2) The client's workstations would not be secured, therefore the network they connect to would have a vulnerability (and a fairly serious one at that).
3) It would cost too much.

Basically you're just going to have to tell them:

1) Security is not FREE, the goal is to minimize expenses, not eliminate them.
2) You can manage your own security, or someone else can do it, but having no one do it is not an answer.
3) Even if you set them up with perfect security today, it will need updating by someone knowledgeable at least monthly (and that's pushing it).

If they can't understand all that, then recommend that they cut their internet connection; that's about the only way to be reasonably secure through isolation these days.

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"All I want is a few minutes alone with the source code for the universe and a quick recompile."
