Shawn Savadkohi wrote:
>
> I'm seeking advice on how I can persuade this dept head their machines are
> at risk.

Send him a letter acknowledging that you are bowing to his request to leave his
network segment unprotected from Internet crackers and denial of service attacks.
State your strong reservations against this decision citing recent crack/DOS reports
against the platforms/applications he is running, recent studies showing financial
losses, and sites listing recommended security practices.

Tell him you may need to shut down his network or systems in the future if they become
compromised and threaten the rest of the company's network operations or data or if
they are involved in threatening outside organizations' networks.

Then visibly carbon copy the memo to your security officer or other responsible
official. :)

> let me briefly describe what services are unprotected

By publishing that information, you may find someone helping your cause whether
you want them to or not. You might want to watch your logs carefully over the
next few days. I've had scans and probes increase after I've posted to a public
newsgroup or listserv in the past. I sure hope they have the RDS patch if they're
NT web servers and the RPC patches if they're Unix servers.