Firewall Wizards mailing list archives
Re: Too Paranoid?
From: Dave Piscitello <dave () corecom com>
Date: Sun, 29 Sep 2002 20:45:45 -0400
Brief postscript to my earlier mail, partly in response to Fred. And Fred's right that "should" was a keyword... Most vendors, even many security vendors, don't appreciate the full picture in even the smallest of real world deployments. But I failed to mention that in the scenario I mentioned where the SCO box was "wide open", we audited the system, listed our concerns, and gave them not to the engineers and ops folks, but the sales person.
It was *his* BMW on the line, in return for *our* security peace of mind. Your sales rep can often be your champion in your vendor's shop. In this case, we asked them to make what I'd consider reasonable efforts to harden the SCO box, and we came to agreement on a configuration that would minimize fallout should their box be compromised. Wasn't perfect, but it was far better than the "accept as is" configuration.
At 08:10 PM 9/29/2002 -0400, Frederick M Avolio wrote:
Most reputable vendors behave just as this one does. They are certain it is Not So Bad. And in their mind, it is not. Because all they know is firewalls make things secure and it can work with the firewall in place, as long as you poke a hole or two through it.
David M. Piscitello
Core Competence, Inc. &
3 Myrtle Bank Lane
Hilton Head, SC 29926
dave () corecom com
843.689.5595
www.corecom.com