Actually, execs like to see an immediate threat. If you start recording
some of the 'bad' traffic being directed your way, compile it into a
reasonable report (foils), you'll probably get further. Risk is a
difficult thing to demonstrate to those who don't believe it exists for
them, that is, unless the person expressing concern over the risk is a
stockholder or the press.
If you can monitor BO discover scans, various DOS sorts of traffic,
etc. on the INTERNET side of your router, you may have a better chance
of making a point.
My 2c.
"Intrinsically lazy, therefore creative"
PGP Fingerprint: 22 68 D5 18 7F 3D D2 28 38 97 90 97 17 55 61 59
GPG Fingerprint: D5C0 2D79 F517 EEB6 D30B 58B3 9E37 E7CA 47A9 56EE
Opinions expressed here do not necessarily express the opinions of
Mentor Graphics or it's subsidiaries.
>
> ----- Original Message -----
> From: "Shawn Savadkohi" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, January 27, 2000 2:17 PM
> Subject: Hey, I DON'T WANT a firewall in front of my network!
>
>
> > Forgive me for the blunt subject heading, but unfortunately this is a
> reality I'm facing in my organization.
> >
> > I'm a network administrator new to firewalls and the list. Like so many
> other organizations, we have a router linking us to the Internet which until
> recently went unfiltered. I've successfully deployed a couple firewall
> devices to change this, but my advances in securing our private network
> haven't been met with cheers ("Hey, why can't I get my RealAudio streams
> anymore!"). In particular, there is one department head who holds the
> sentiment I shared in the SUBJECT line. This person insists on keeping
> their segment firewall-free, with public IP addresses on workstations and
> servers alike.
> >
> > Having been unsuccessful on my own, I'm seeking advice on how I can
> persuade this dept head their machines are at risk. Remember I'm dealing
> with a non-technical member of management who would gloss over at responses
> describing DoS, Land attacks, SYN flooding, Bonk/Boink, port scans, etc.
> > Real-life episodes of successful hacking I imagine will work well. And
> accept my "Thanks, but no thanks" in advance if you'd like to offer a
> demonstration!
> >
> > At the risk of exposing too much, let me briefly describe what services
> are unprotected: two (2) HTTP servers, one (1) SQL database server, and an
> NT box that's the PDC for that segment.
> >
> > Thanks for your responses.
> >
> > -Shawn
> >
> >
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
