mailing list archives
Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG)
From: jseymour () linxnet com (Jim Seymour)
Date: Fri, 26 May 2006 06:57:02 -0400 (EDT)
Frank Pawlak <fpawlak () wi rr com> wrote:
I agree that the security industry is all but dead, but what are the
big financial firms, or perhaps the gov using for security
You mean financial firms like the ones that we keep hearing about
suffering from data breaches/loss/theft? You mean the government that
gets consistently low "grades" for systems security?
When an end-user at a business I know of recently experienced trouble
following instructions setting up a laptop on a WPA wireless network,
an upper-level manager was alleged to have asked why it was so much
more difficult than things like WiFi hot spots. When told it was
because the company network was more secure, said manager replied
"Well, maybe we need to reduce our security."
There's a reason Dilbert is so popular. I think its partly humour and
partly horrified fascination. Now imagine the processes that pass for
"thinking" by management, reflected in Dilbert's world, applied to
network security and what do you suppose you get? Well, you get things
like this: There is a certain very large manufacturing firm (that shall
remain unnamed) that's struggling financially. Said large firm's
network has been seriously... uh... negatively impacted by... uh...
"security breaches" (I'm being purposefully vague out of necessity)
multiple times. For reasons *I* find inexplicable, they continue using
the systems that are getting "owned" out of some misguided (IMO) view
that they're "cost effective." With "thinking" like that, is it any
wonder the firm in question is struggling?
It's hard enough keeping up with, much less keeping ahead of, the bad
guys as it is. Now add being hobbled by the kind of people that do not
understand what networks and network security is all about, do not
*want* to understand, and fail to heed the recommendations of those who
I'm not really bitter, jaded or cynical. I am pretty disgusted, tho.
Note: My mail server employs *very* aggressive anti-spam
filtering. If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.linxnet.com/scform.php>.
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com