Security Basics mailing list archives

Re: Opinions sought...How much information is too much to "give away"?


From: Raymond Lillard <rlillard () sonic net>
Date: Wed, 29 Jun 2005 15:05:59 -0700

Kevin Kasner wrote:
My backup vendor recently interviewed me for an article because I'm
using their encryption package.  They have sent me the article for
review, so I still have a chance to change how much information is
disclosed...

In the course of the article, several things are revealed about my
environment:
1)  My backup solution & what types of data are encrypted in my
backups (ie: customer data, AD/LDAP info, databases, server O/S's), and
that I have off site storage of tapes
2)  My OS mix (ie: Windows, ...)
3)  the fact that I have "separate solutions" for firewall, IDP,
remote access, and network monitoring

I would avoid ANY discussion of my face toward the Internet that
is traceable to you or your company.  No discussion of firewalls,
intrusion detection, virus and spam filtering, VPN solutions ...
nothing.  No pictures that include your outward facing machines
either.  If they want a pix of your data center, I'm sure you can
arrange to keep internal machines in and all others out.

A simple sentence that you have "separate solutions" for external
security is IMHO OK, so long as no specifics are mentioned.

4)  Who we are and what city we are located in.

So...I'm looking for some honest opinions on whether I'm giving away
too much info.

The vendor does need enough from you to make the article
real, and I would feel comfortable talking about their
product so long as it did not touch item #3 above.

Just my opinion.

Ray


