-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Shawn,
Believe it or not your situation is more common than what you think.
My best suggestion will be to ask upper management to provide you
with the budget to hire an outside company to perform a security
review of your network from both sides:
- Outside coming in
- and an internal job
and provide you with an assessment of your network and then present
the findings to your management. You can go as far as do the
penetration test with and without the FW and this will show them the
difference.
On the issue of I can not get RealStreams anymore the only thing that
you can do is a cost analysis of the bandwidth utilization (remember
for most of these folks money talks). Other than that there's not
much you can do, if upper management eventually says just let 'em
listen to their Audio/video stream just let them, when ppl. start
bitching and moaning about network performance go to management and
tell them you would like to turn the audio/video streams off for a
few days to see if performance improves. When they see that it
actually improves most probably you'll get the support you need to
keep it off.
+------------------------------------------------------------
| Jose J. Cintron - <[EMAIL PROTECTED]>
|
| Integrated Management Services, Inc.
| 2101 Wilson Boulevard, Suite 916
| Arlington, VA 22201
|
| Phone: 703.528.0334 x323
| FAX: 703.528.3477
| Web: http://www.imsidc.com/
+------------------------------------------------------------
- -----Original Message-----
From: Keller Dennis (DDSP) [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 27, 2000 14:54
To: 'Shawn Savadkohi'; [EMAIL PROTECTED]
Subject: RE: Hey, I DON'T WANT a firewall in front of my network!
Ask him how long he can afford to have his servers down (money
talks).
Also, ask him if he is prepared to answer to the CIO/CEO of the
company when
he's questioned on why his network segment was shut down because he's
an
incompentent bonehead.
Cheers,
Dennis Keller
Network Security Administrator
DDSP-Z
email: [EMAIL PROTECTED]
> -----Original Message-----
> From: Shawn Savadkohi [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, January 27, 2000 1:17 PM
> To: [EMAIL PROTECTED]
> Subject: Hey, I DON'T WANT a firewall in front of my network!
>
>
> Forgive me for the blunt subject heading, but unfortunately
> this is a reality I'm facing in my organization.
>
> I'm a network administrator new to firewalls and the list.
> Like so many other organizations, we have a router linking us
> to the Internet which until recently went unfiltered. I've
> successfully deployed a couple firewall devices to change
> this, but my advances in securing our private network haven't
> been met with cheers ("Hey, why can't I get my RealAudio
> streams anymore!"). In particular, there is one department
> head who holds the sentiment I shared in the SUBJECT line.
> This person insists on keeping their segment firewall-free,
> with public IP addresses on workstations and servers alike.
>
> Having been unsuccessful on my own, I'm seeking advice on how
> I can persuade this dept head their machines are at risk.
> Remember I'm dealing with a non-technical member of
> management who would gloss over at responses describing DoS,
> Land attacks, SYN flooding, Bonk/Boink, port scans, etc.
> Real-life episodes of successful hacking I imagine will work
> well. And accept my "Thanks, but no thanks" in advance if
> you'd like to offer a demonstration!
>
> At the risk of exposing too much, let me briefly describe
> what services are unprotected: two (2) HTTP servers, one (1)
> SQL database server, and an NT box that's the PDC for that segment.
>
> Thanks for your responses.
>
> -Shawn
>
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
- -
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>
iQA/AwUBOJDO78VkaoOYvfEpEQI4uQCgu0vbelOU5r8epH1RUVNH+Nnjg9sAoIqC
6N/GtafTgVzUxyNa9yMKcbSn
=9v94
-----END PGP SIGNATURE-----
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
