Firewall Wizards mailing list archives

Re: Too Paranoid?


From: James Triplett <james () thelix net>
Date: Sun, 29 Sep 2002 12:36:58 -0400

There are two sides to this question: technical and political.
On the technical side, there may be ways (DMZ net, etc) to control
the exposure.

But I think the most important thing here has to do with policies (i.e.,
politics).

You are responsible for the security of your network.  ANY vendor
who wants to put equipment on that network, no matter how big
and impressive (my bet here is we're talking about ADP), must be
willing to demonstrate to your satisfaction that their system is secure.

Only by pushing back, can we force these behemoths to take security
seriously.  We all know that a single unsecured port is all it takes.
Even worse if that port is passing https which means you can't 
observe what's going on over that port.  

Stick to your guns!
----james


Hi,

I have a particular situation at work, and I wonder if I'm being
*too* paranoid.  I'll only be able to discuss the situation in
somewhat vague terms because of a non-disclosure agreement.

A vendor wants to install a system on our LAN that uses a MS-Win2k
server.  This server is completely a turn-key system.  We don't touch
it.  Proprietary server software runs on this server and proprietary
software to talk to the server runs on one-or-more MS-Win desktops.
They use ActiveX controls.  The server, in turn, must communicate
through my firewall, using HTTPS, to multiple servers on the Internet
which are, in turn under the control of yet *other* entities.  Now
all this makes me nervous enough in the first place.  We have no