Home page logo

firewall-wizards logo Firewall Wizards mailing list archives

Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG)
From: Frank Pawlak <fpawlak () wi rr com>
Date: Fri, 26 May 2006 08:05:19 -0500

This is most probably why I got out of the business a couple years 
ago.  I was very frustrated with trying to sell the Idea of doing it 
right.  Miss the geek factor of the work tho.  I must start reading 
Dilbert again.

At 05:57 AM 5/26/2006, you wrote:

Frank Pawlak <fpawlak () wi rr com> wrote:


I agree that the security industry is all but dead, but what are the
big financial firms, or perhaps the gov using for security

You mean financial firms like the ones that we keep hearing about
suffering from data breaches/loss/theft?  You mean the government that
gets consistently low "grades" for systems security?

When an end-user at a business I know of recently experienced trouble
following instructions setting up a laptop on a WPA wireless network,
an upper-level manager was alleged to have asked why it was so much
more difficult than things like WiFi hot spots.  When told it was
because the company network was more secure, said manager replied
"Well, maybe we need to reduce our security."

There's a reason Dilbert is so popular.  I think its partly humour and
partly horrified fascination.  Now imagine the processes that pass for
"thinking" by management, reflected in Dilbert's world, applied to
network security and what do you suppose you get?  Well, you get things
like this: There is a certain very large manufacturing firm (that shall
remain unnamed) that's struggling financially.  Said large firm's
network has been seriously... uh... negatively impacted by...  uh...
"security breaches" (I'm being purposefully vague out of necessity)
multiple times.  For reasons *I* find inexplicable, they continue using
the systems that are getting "owned" out of some misguided (IMO) view
that they're "cost effective."  With "thinking" like that, is it any
wonder the firm in question is struggling?

It's hard enough keeping up with, much less keeping ahead of, the bad
guys as it is.  Now add being hobbled by the kind of people that do not
understand what networks and network security is all about, do not
*want* to understand, and fail to heed the recommendations of those who
do understand.

I'm not really bitter, jaded or cynical.  I am pretty disgusted, tho.

Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.linxnet.com/scform.php>.
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com

firewall-wizards mailing list
firewall-wizards () listserv icsalabs com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]