Firewall Wizards mailing list archives
Re: Network Traffic Violations
From: Antonomasia <ant () notatla demon co uk>
Date: Fri, 4 Sep 1998 08:00:17 +0100
Jim Wamsley 303-673-8163 <wamsljr () coltano stortek com>:
I think I have had it with some companies that are selling web based services that require you to use their home-brew package that fails to take into account the way most of us, or at least many of us are controlling our Internet access.
This is why you want your security department and purchasing department to speak to each other. Draw up a 'standards for bought software' document and make it available to vendors on request. Likely entries in this doc for common software, i.e. no specific security purpose, might be:

- no preexisting files on the box are changed by installation or operation
  Program-specific config options belong in specific files (eg ~/.prognamerc) and not the environment, so install scripts are not tempted to mess with shell initialisation files.
- installation does not require root to run sourceless binaries
- any suids are not root but a single-purpose account
- it works when mounted ro
- it does not require weak or absent passwords, 'xhosts +' or similar

Have purchasing insist that they will only buy software they are told matches your current policy, and that you can have your money back if the vendor is found to have lied. (If your internal customers lie they will be the ones who spent the money and end up without a working product, which might be considered a fitting punishment by itself.)

With the cooperation some vendors will provide your transition to free software is accelerated, so you win either way.

--
##############################################################
# Antonomasia   ant () notatla demon co uk                   #
# See http://www.notatla.demon.co.uk/                        #
##############################################################
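Two of the entries listed in the message above (no preexisting files changed, no setuid-root files) can be checked mechanically by snapshotting a test box before and after a vendor install. The following is an added example, not part of the original post; the function names and the sample files in demo() are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path
from typing import Dict, List, NamedTuple

class Entry(NamedTuple):
    digest: str   # SHA-256 of contents ("" for non-regular files)
    mode: int     # st_mode, including the setuid/setgid bits
    uid: int      # numeric owner

def snapshot(root: str) -> Dict[str, Entry]:
    """Record digest, mode and owner of every file under root (symlinks not followed)."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            digest = ""
            if stat.S_ISREG(st.st_mode):
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            snap[os.path.relpath(path, root)] = Entry(digest, st.st_mode, st.st_uid)
    return snap

def violations(before: Dict[str, Entry], after: Dict[str, Entry]) -> List[str]:
    """Compare snapshots taken before and after a vendor install."""
    found = []
    for path, new in sorted(after.items()):
        old = before.get(path)
        if old == new:
            continue                      # untouched by the install
        if old is not None:
            found.append(f"changed preexisting file: {path}")
        if new.mode & stat.S_ISUID and new.uid == 0:
            found.append(f"setuid root: {path}")
    found += [f"removed preexisting file: {p}" for p in sorted(before.keys() - after.keys())]
    return found

def demo() -> List[str]:
    """Constructed sample: an 'installer' that edits a shell initialisation file."""
    with tempfile.TemporaryDirectory() as root:
        profile = Path(root, ".profile")
        profile.write_text("PATH=/usr/bin\n")
        before = snapshot(root)
        profile.write_text(profile.read_text() + "PATH=/opt/vendor/bin:$PATH\n")  # forbidden
        Path(root, ".prognamerc").write_text("option=1\n")                        # allowed
        return violations(before, snapshot(root))
```

Run snapshot() on the whole test filesystem, not only the vendor's install directory, since the point of the first entry is to catch changes made outside it.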