Home page logo

basics logo Security Basics mailing list archives

Re: Opinions sought...How much information is to much to "give away"?
From: ChayoteMu <chayotemu () gmail com>
Date: Wed, 29 Jun 2005 14:31:41 -0700

I would think the main risk of giving too much information would be on
how specific you are about numbers 2 and 3. If you just say something
like "We have a mix of Windows 2k, XP workstations, *ix and Win2k3
servers." then you're not giving that much information there. For
number 3 it's a bit more tricky. If you've just said "we use seperate
solutions for firewall, IDP, remote access, etc such as company X
device Y and a few others" then I don't see that as much of a problem.
I would ensure that the article gives plenty of specific info for the
software, how well it's worked and all of that, but unless it's direct
to that and necessary to make sense of how you use their package I
wouldn't give any more information. Then again I am a bit paranoid so
I'm assuming this article is going out to the wide open public.

On 6/29/05, Kevin Kasner <tkevink () gmail com> wrote:
My backup vendor recently interviewed me for an article because I'm
using their encryption package.  They have sent me the article for
review, so I still have a chance to change how much information is

In the course of the article, several things are revealed about my environment:
1)  My backup solution & what types of data are encrypted in my back
ups (ie: customer data, AD/LDAP info, databases, server O/S's), and
that I have off site storage of tapes
2)  My OS mix (ie: Windows, ...)
3)  the fact that I have "separate solutions" for firewall, IDP,
remote access, and network monitoring
4)  Who we are and what city we are located in.

So...I'm looking for some honest opinions on whether I'm giving away
too much info.


"To catch a theif, think like a theif. To catch a master theif, be a
master theif."

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]