April 15, 2008
Our security is secretly secure
I make no bones about being a bigot when it comes to routing gear. I like the company that has the bridge on the box. I also manage the world wide WAN resources of a little company that had a few billion dollars in sales last year. Even converted to euros, that's a chunk of change.
We bought a division that is outsourced to one of the big three-letter acronym companies. There is a firewall between the parent company and the new division until the turnover process is completed. As the day for turnover approached, we started asking for details on firewalls, routers, and switches. We were inundated with pictures, spreadsheets, and procedure documents but no actual useful information. I think this particular group adhered to the baffle-them-with-bull-stuff rule.
In one of our weekly time-wasting conference calls, feeling incredibly frustrated at the impending turnover with nary a solid piece of documentation, the outsourcers finally agreed to run some commands on the firewall and routers and send us the output. Being the wise guy that I am, I told them I only needed one command executed. Mind you, on this call are people who supposedly work in networking for a living. I asked for a "show tech" command to be run. I knew we were in trouble when the people on the other end asked me to e-mail them the command so they could get the spelling correct.
For those of you who are not keenly aware of what this command does on a router or firewall, it is basically the dump-everything-including-the-kitchen-sink request.
It took them three days to respond. Their reply was that they didn't share that information. It contained proprietary information. That's like saying the alphabet has proprietary information in it. Upon reading this outrageous claim, I referred back to the massive pile of procedures they had graciously sent us. In the procedures, they were to have a firewall security audit once a year.
I ask you: How can I possibly verify their proprietary configuration is indeed the rock-solid policy they say it is without being able to actually examine it?
Posted by Anonymous on April 15, 2008 03:00 AM