Firewall Wizards mailing list archives
Re: iso 17799
From: "J. Oquendo" <sil () kungfunix net>
Date: Wed, 21 Jul 2004 18:03:50 -0500 (EST)
> So what is wrong with a repository of information for those people to mine as needed? Too small a group? Not worth the effort? Hey if your issue is with big companies, lots of little ones exist on the net and they get hacked too.
Firstly I do not possess any certs, never had time to take them. Maybe I should get them, likely I won't as my time consists of work work work. Info repositories have their pros and cons. Pros: They can serve as a base and offer "some" information. Cons: a) How does that information provided apply to your network when your network is likely to differ across the board. b) Information overload. Most information repositories are bloated as many companies have become (or at least tried to become) the "de-facto" source of compsec. CERT, HERT, Bugtraq, f00b4r.org, and anyone else willing to dump a site on the net.
From my perspective, if I were a CTO, CSO, or other nifty little acronymed officer in a company in charge of hiring, I would shoot for the geek as opposed to: John Fooblah MCSE, CCNP, CISSP, ABCD, EFGH 212-555-1212. It comes from my experience in the field that reading and memorizing a book and passing an exam does not qualify everyone as being "in the know" for any tailored cert (CCNA, CCNP, CCIE for networking for example). Some time ago I recall having a conversation with a friend in the compsec field who worked at a Fortune 500 really big company. According to my friend, his company paid to have their employees take the cert exams and had those taking the test memorize as much as they could to recreate the exams in order for the next workers to pass them with ease. Big business in certifications. Think about a company where the entire sysadmin/compsec admin staff was certified to the tee. That would be the company a CTO, CEO, CFO _INSERT_OTHER_TITLE_HERE would hire. "Wow they're all certified they must know."
> Yes, the ideas work, like I said in the post, I've tried many of them. I'm not sure why you brought the $100,000 doo-dad into the picture in the first place. I assumed it was because you feel education won't help as people want to buy the magic bullet and move on.
Many ideas and plans will work, and many won't, many will work with modifications to them. They're baseline ideas. How many ideas have you had to tweak on your own, and how many will have to be re-tweaked when you see something come up on Bugtraq next week?
> Yes, no kidding, we'd all like the magic bullet, now what's really in the bag? ;) Seriously some people fall for marketing hype, some don't, some people just want to get through the day and some plan well in advance, people vary.
One of the factors I can recall when my title was "Security Product Engineer" (go figure that title out) was, most of the products we used, resold, etc., gave the client a sense of security. Not security in the sense that this was the all in one answer, but the sense of security knowing if the **** hit the fan, they had a number for support and didn't have to rely on waiting for a reply an admin had to shoot off to somewhere () somelist foo or jump on irc #foobarhelp.
> There are some of us interested in doing a good job and we don't believe in magic bullets. We also think it is stupid to have ten people solve the same problem ten times. How about we try, the first guy solves it, the remaining 9 tweak his solution for their environment and we expend 5-8 times effort instead of 10 times effort?
Too many hands in the pot... However that saying goes. Again, I would rely on the geek for a quick solution as the geek is the one who has to operate the system at the end of the line. Geek meaning someone well versed all around not just someone who wants to plunk down a couple of grand for a network analyzer when tcpdump, snoop and others are available freely. How well versed are your geeks ;)
> And people wonder if it isn't possible to come up with a 'standard'. I don't believe a true rigid standard will work, my network is different from Paul's and different from yours, my solution will be at least slightly different. HOWEVER, I do believe if I saw how you did it and how Paul did it, it MIGHT save me thinking time.
There can be no standard from my view, only an outline, as you clearly state things differ across the line and the services you run, and how you run them, will not be the same. What do you do with legacy that you cannot recreate? You make do, work with what you have and if you're inexperienced, then you get someone who knows, or you look for a guideline. As someone in the field, how many standards have been created, modified, changed? What standard could anyone possibly propose on a realistic level?
> <sigh> I guess I'm a do gooder ;). No seriously, it is vested self interest. We do OK, but the more of the others I can keep from being hacked the less I get pounded on. It IS possible that a virus/worm/#$%^@ may attack my net before the vendor releases the patch or before I apply it.
Again, this is where your geek comes in. Do you have monitoring set up correctly, efficiently? Whenever I'm on a machine I have this odd habit of tail -f'ing and awk'ing logs to hell in order to pay attention to what is going on in real-time. Of course this pertains to a specific machine, and I still do it if that specific machine is running auditing software. Sure you can keep a vigilant eye to what's going on on your network. Set up your own programs along with what's available. Waiting for the patch fairy isn't going to do much. Are you or your geeks experienced enough to know what's what? I would go on, but work calls. Besides, this entire thread seems to have veered off course like the SS Minnow.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
GPG Key ID 0x51F9D78D
Fingerprint 2A48 BA18 1851 4C99 CA22 0619 DB63 F2F7 51F9 D78D
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x51F9D78D
sil @ politrix . org http://www.politrix.org
sil @ infiltrated . net http://www.infiltrated.net

"How can we account for our present situation unless we believe that men high in this government are concerting to deliver us to disaster?" Joseph McCarthy "America's Retreat from Victory"

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
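The "tail -f'ing and awk'ing logs" habit the post describes, written out as an added example that is not part of the message or the list archive: an awk filter that watches sshd-style auth log lines and reports any source address that crosses a threshold of failed logins, once as a live alert and once as a batch summary. The log lines, hostname, addresses and function names are constructed for the example; on a real box the same pipeline would be fed by `tail -f` on the auth log instead of the sample string.

```shell
#!/bin/sh
# Added example (not from the original post): real-time log watching with awk.
# The log lines below are constructed for the example; they are not from any real host.
SAMPLE_LOG='Jul 21 18:01:02 gw sshd[2211]: Failed password for root from 192.0.2.10 port 40122 ssh2
Jul 21 18:01:03 gw sshd[2212]: Failed password for invalid user admin from 192.0.2.10 port 40123 ssh2
Jul 21 18:01:04 gw sshd[2213]: Accepted publickey for sil from 198.51.100.7 port 51000 ssh2
Jul 21 18:01:05 gw sshd[2214]: Failed password for root from 192.0.2.10 port 40124 ssh2
Jul 21 18:01:06 gw sshd[2215]: Failed password for root from 203.0.113.5 port 33001 ssh2
Jul 21 18:01:09 gw sshd[2216]: Failed password for invalid user oracle from 192.0.2.10 port 40125 ssh2'

# failed_login_bursts [THRESHOLD]  (reads log lines on stdin, default threshold 3)
# Prints "<ip> <count>" the moment a source reaches THRESHOLD "Failed password"
# lines, and only once per source, so it is usable on a live feed:
#   tail -f /var/log/auth.log | failed_login_bursts 3
failed_login_bursts() {
    awk -v limit="${1:-3}" '
        /sshd\[[0-9]+\]: Failed password/ {
            # the source address is the field right after "from"
            for (i = 1; i <= NF; i++) if ($i == "from") ip = $(i + 1)
            fails[ip]++
            if (fails[ip] == limit) print ip, fails[ip]   # alert exactly once
        }
    '
}

# failed_login_totals  (reads log lines on stdin)
# Batch variant for a log that is already complete: total failed logins per
# source, sorted by address, for a quick end-of-day look.
failed_login_totals() {
    awk '
        /sshd\[[0-9]+\]: Failed password/ {
            for (i = 1; i <= NF; i++) if ($i == "from") ip = $(i + 1)
            fails[ip]++
        }
        END { for (ip in fails) print ip, fails[ip] }
    ' | sort
}

# Stand-alone demo over the constructed sample instead of a live tail -f.
echo "live alerts (threshold 3):"
printf '%s\n' "$SAMPLE_LOG" | failed_login_bursts 3
echo "totals:"
printf '%s\n' "$SAMPLE_LOG" | failed_login_totals
```

The live variant prints at the moment the threshold is crossed rather than in an END block, which is the difference between something you can leave running in a `tail -f` pipeline and something that only reports once the file is closed.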
Current thread:
- Re: iso 17799, (continued)
- Message not available
- Re: iso 17799 Frederick M Avolio (Jul 21)
- Re: iso 17799 Dana Nowell (Jul 21)
- Message not available
- Re: iso 17799 Frederick M Avolio (Jul 22)
- Re: iso 17799 Dana Nowell (Jul 23)
- Re: iso 17799 ArkanoiD (Jul 26)
- Re: iso 17799 mlh (Jul 27)
- Re: iso 17799 Marcus J. Ranum (Jul 27)
- Re: iso 17799 Dana Nowell (Jul 28)
- Re: iso 17799 George Capehart (Jul 21)
- Re: iso 17799 Julian Gomez (Jul 23)
- Re: iso 17799 Victor Williams (Jul 25)