Re: RE: Online Security Services and Continous Risk Management (fwd)

[Michael Williams <mike () netxsecure net>]

"R. DuFresne" wrote:
> For those currently letting others maintain various aspects of their
> network, perimeter, inner-soft-chewy-center, etc;  Would you be concerned
> to find the company doing the maintainance work for you mostly via open
> text channels via the internet?  <open text channels meaning; regular
> telnet/ftp/tftp seesion, no encryption, no direct, closed back channel
> (i.e. dedicated circut)>  Have the issues of sniffers and IP spoofing
> become a non-worry these days really?
>
> How many out there are aware of other companies providing outsourced
> maintainance of the networking services of others, doing so with the same
> disregard for eavsdropping and potential compromise as described above?

Yes if I was the customer I would be very concerned, we do remote
maintenance and support for mixed platform firewall and proxy servers
and would *never* allow open text channels!, strong encrypted SSH
tunnels with RSA authentication into trusted hosts and TCP forwarding
does everything we need and provides the security our customers expect.

The real problem seems to be more of a lack of understanding about
security issues at the management level where decisions are made, so
often the focus seems to be on getting a wide area type link working
over the Internet as the achievement rather than an auditable secure
level connection that is then monitored on a regular basis.

Mike.

-- 
Michael A. Williams
NetXSecure NZ Limited, www.netxsecure.net
Ph.+64.9.278.8348, Fx.+64.9.278.8352, Mb.+64.21.99.5914

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards