Our security is secretly secure

Apr 15, 2008 | 2 mins

I make no bones about being a bigot when it comes to routing gear. I like the company that has the bridge on the box. I also manage the worldwide WAN resources of a little company that had a few billion dollars in sales last year. Even converted to euros, that’s a chunk of change.

We bought a division that is outsourced to one of the big three-letter acronym companies. There is a firewall between the parent company and the new division until the turnover process is completed. As the day for turnover approached, we started asking for details on firewalls, routers, and switches. We were inundated with pictures, spreadsheets, and procedure documents but no actual useful information. I think this particular group adhered to the baffle-them-with-bull-stuff rule.

In one of our weekly time-wasting conference calls, feeling incredibly frustrated at the impending turnover with nary a solid piece of documentation, the outsourcers finally agreed to run some commands on the firewall and routers and send us the output. Being the wise guy that I am, I told them I only needed one command executed. Mind you, on this call are people who supposedly work in networking for a living. I asked for a “show tech” command to be run. I knew we were in trouble when the people on the other end asked me to e-mail them the command so they could get the spelling correct.

For those of you who are not keenly aware of what this command does on a router or firewall, it is basically the dump-everything-including-the-kitchen-sink request.

It took them three days to respond. Their reply was that they didn’t share that information. It contained proprietary information. That’s like saying the alphabet has proprietary information in it. Upon reading this outrageous claim, I referred back to the massive pile of procedures they had graciously sent us. In the procedures, they were to have a firewall security audit once a year.

I ask you: How can I possibly verify their proprietary configuration is indeed the rock-solid policy they say it is without being able to actually examine it?

infoworld_anonymous
