Home page logo
/

basics logo Security Basics mailing list archives

Re: Opinions sought...How much information is to much to "give away"?
From: Raymond Lillard <rlillard () sonic net>
Date: Wed, 29 Jun 2005 15:05:59 -0700

Kevin Kasner wrote:
My backup vendor recently interviewed me for an article because I'm
using their encryption package.  They have sent me the article for
review, so I still have a chance to change how much information is
disclosed...

In the course of the article, several things are revealed about my environment: 1) My backup solution & what types of data are encrypted in my back
ups (ie: customer data, AD/LDAP info, databases, server O/S's), and
that I have off site storage of tapes
2)  My OS mix (ie: Windows, ...)
3)  the fact that I have "separate solutions" for firewall, IDP,
remote access, and network monitoring

I would avoid ANY discussion of my face toward the Internet that
is traceable to you or your company.  No discussion of firewalls,
intrusion detection, virus and spam filtering, VPN solutions ...
nothing.  No pictures that include your outward facing machines
either.  If they want a pix of your data center, I'm sure you can
arrange to keep internal machines in and all others out.

A simple sentence that you have "separate solutions" for external
security is IMHO OK, so long as no specifics are mentioned.

4)  Who we are and what city we are located in.

So...I'm looking for some honest opinions on whether I'm giving away
too much info.

The vendor does need enough from you to make the article
real, and I would feel comfortable talking about their
product so long as it did not touch item #3 above.

Just my opinion.

Ray



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault