Re: Too Paranoid?

[Frederick M Avolio <fred () avolio com>]

At 01:57 PM 9/29/2002 -0400, Dave Piscitello wrote:
> Totally in agreement.
>
> Any reputable vendor should appreciate this, and should be willing to explain
> what security measures they have implemented to your satisfaction, or if
> not to your satisfaction, willing to work to resolve differences between their
> security posture and what your policy requires.

Which planet would you be talking about? Key word in this, of course, is 
"should." Most probably it is "can't" because "never thought of it." Most 
reputable vendors SHOULD but don't.

Most reputable vendors behave just as this one does. They are certain it is 
Not So Bad. And in their mind, it is not. Because all they know is 
firewalls make things secure and it can work with the firewall in place, as 
long as you poke a hole or two through it.

I don't envy you and hope you have a pretty good policy in place you can 
point to. Otherwise you are in between that vendor and the users who want 
to use that vendor is selling. Worst case is the solution is already 
purchased and you not only have the users clammering for it, but the person 
in the company who chose it now will be on your case because you are making 
him look bad as well. God help you if it is some executive vice president.

All the suggestions, so far are great, and Dave's comments are, of course, 
right on target.

Those you you out there who are not in this position should play the game 
"what if it were me, what if it was here?"

Do tell us how it turns out.

Fred
Avolio Consulting, Inc.
16228 Frederick Road, PO Box 609, Lisbon, MD 21765, US
+1 410-309-6910 (voice) +1 410-309-6911 (fax)
http://www.avolio.com/

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards