Don't think of this as a small scale issue. Design "security zones" providing the requirements for the enterprise, the vendor and external connectivity. An ASP environment is a long way toward that goal.
If the company you work for is serious about security, they will be willing to foot the bill for a completely independent network security zone for the vendor application(s). Contact the most appropriate vendor for your firewall (Checkpoint comes to mind) and discuss the options with the vendor. Then, make sure you log everything important in the firewall.
Another completely independent network that makes sense to have available is a management network. Separate from the "data network" and definitely in a different security zone. It should be a separate "security zone" from your general data network. It might also make sense to connect to it only by VPN. This network would contain all of the SNMP and console activity. This can be built on a general network using GRE tunnels (IPSec if you really desire security) and/or extended with L2TP. At the very least, you would have sufficient logging in the VPN and system to track vendors' activity.
I would also consider building a completely separate non-routed network for backup. Offload all backups to a network that doesn't touch any other environment.
Also, if a vendor wrote a program that can only run as su -, find another vendor. Their application was written unrealistically.
So, in the end state, you'll be running multiple networks. Keep it simple, separated, secure and logged.
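The zone layout described in the comment above can be checked mechanically against a firewall rule export. The following is an added example, not part of the original post: the zone names (vendor, data, mgmt, vpn, backup, external), the service names, and the rule list are all constructed for illustration, and the four checks are one reading of the comment's advice.

```python
# Added example: audit inter-zone firewall rules against the zone design above.
# Zone names, services and sample rules are constructed, not taken from a real policy.
from typing import NamedTuple

class Rule(NamedTuple):
    src: str      # source zone
    dst: str      # destination zone
    service: str
    action: str   # "allow" or "deny"
    log: bool     # whether the firewall logs matches

MGMT_SERVICES = {"snmp", "ssh", "console"}  # assumed set of management services

def audit(rules):
    """Return (rule_index, finding) pairs for allow rules that break the design."""
    findings = []
    for i, r in enumerate(rules):
        if r.action != "allow" or r.src == r.dst:
            continue  # denies and intra-zone traffic are out of scope here
        if not r.log:
            findings.append((i, "inter-zone allow without logging"))
        if "backup" in (r.src, r.dst):
            findings.append((i, "backup network must not be routed to other zones"))
        if r.dst == "mgmt" and r.src != "vpn":
            findings.append((i, "management zone reachable without VPN"))
        if r.service in MGMT_SERVICES and r.dst != "mgmt":
            findings.append((i, "SNMP/console traffic outside management zone"))
    return findings

SAMPLE_RULES = [  # constructed sample input
    Rule("vpn", "mgmt", "ssh", "allow", True),           # fits the design
    Rule("data", "mgmt", "snmp", "allow", True),         # bypasses the VPN
    Rule("vendor", "data", "sql", "allow", False),       # allowed but not logged
    Rule("data", "backup", "nfs", "allow", True),        # routes into backup
    Rule("external", "vendor", "https", "allow", True),  # fits the design
    Rule("data", "vendor", "snmp", "allow", True),       # SNMP on the data path
    Rule("vendor", "mgmt", "ssh", "deny", True),         # deny rules are skipped
]

if __name__ == "__main__":
    for idx, msg in audit(SAMPLE_RULES):
        print(f"rule {idx}: {SAMPLE_RULES[idx]} -> {msg}")
```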
10.2 Billion? Does that bother anyone else?
on Gone Phishing? · Score: 2
Don't get me wrong, I believe this to be a serious issue. BUT, every time there is a problem like this, the price tag to those unfortunate scammed or wormed or virii'd is an amount of money that seems a little ridiculous. Seriously, 10.2 billion? 10.2 billion what?
At issue is the divisive understanding of the nature of light. We attribute both particle and wave to light as we see fit, when it can be either or both.
Special relativity for the masses is an absurd generalization. There is no doubt that mathematical abstractions of nature are limited to what can be seen, touched and measured. So, let us not forget that the measurement of the "real world" may be limited by the understandings of multi-dimensional mathematics, not just the portion of the universe that we touch.