Saturday, October 07, 2006

Security Implementation is not about BrandName

I have to write this because I'm sick of brand-name products that kill my brain. When it comes to network security implementation, we can always hear brainless people discussing how powerful those commercial appliances are, whether firewall, IDS or whatever the commercial hype term is. Those companies are used to releasing old technologies wrapped in powerful packaging. Because of that, lots of enterprises start to believe and trust them for their network security deployment.

Outsourcing is another trend that follows, providing all kinds of network security services. The third-party vendors who provide those services also form alliances with the companies selling their so-called brand-name security devices. We can see that this trend will indeed be the future.

Lots of enterprises start to buy in to those vendors to plan and deploy their network security structure, then hire dumb system admins to maintain their workstations and fix small network issues, so they can play the blame game with the third-party vendors if their security deployment breaks somewhere.

Now, back to the topic. Yes, those third-party vendors will deploy branded network security devices such as ciscock, junipet, and so forth, since those devices can do A to Z. But my point is that no matter what kind of security devices you have, problems occur if your network security implementation is faulty. I do know those security service providers will plan properly so that they can maintain their business consistency. But I do believe one thing: trust your internal sysadmin and network admin when it comes to network security implementation. They are the ones who know and understand what is running in the network. Yeah, you may ask me about internal threats, but that is not part of my discussion here.

I'm an open-source-centric person, but I don't want to compare what open source security applications can do against commercial brand-name applications here. It would only create a stupid flame war, which I don't want. I'm just trying to wake up those dumbasses (enterprises?) when it comes to implementing your network security.

- Think brain > brand

- Network & service profiling (trust your internal sysadmin and netadmin for this)

- Plan, plan & plan some more (maybe a discussion between your tech team and the vendors)

- Implementation & deployment (never ask what kind of brand-name devices they can provide; ask what kind of security implementations they can deploy that suit your network)

- Never trust non-tech people to hold discussions with security service providers - they are the dumbasses!

- No under-the-table deals - corruption tends to happen because those dumbasses will accept money from security providers for their buy-in, especially if those dumbasses are among the decision makers, and hey, that's easy money.

- Don't think buying a 100K branded firewall can cover your ass!

- Improve over time based on the changes to your network architecture

I have seen and talked to lots of technical department managers out there; apparently they come from management or business backgrounds, ouch! You shouldn't have hired this kind of people in the first place. Those talkers can't do any of the tech stuff but bullshit a lot. Kick them out of the room, please!!!!! By the way, don't tell me you have a CISSP, I don't care.

To those people who insist on believing that a very good brand-name product can survive today's threats: I can tell you that yeah, the products may not suck, but you suck for believing the marketing hype.

For those people who work as real sysadmin|netadmin|secadmin, saluteeeeee!

Happy Ranting :]

7 comments:

GuTi said...

Damn, I hate rant man.

Salute our geek00l, he has just been kicked in the ass...or already for a long long time? :p

Anonymous said...

this is just another amazing rant by geek00l. as always, keep up the good work(rant)! :D

Lightstar said...

I SOOO agree with you d00d. hahaha. kick those dumb marketing MORONS out of tech decision making. They THINK they understand but in reality they are just talking cock.

Anonymous said...

- Don't think buying 100K branded firewall can cover your ass!

good point!

Anonymous said...

rant always , u ah :-)

C.S.Lee said...

While people think I'm ranting, I think I'm telling the truth :]

Anonymous said...

Haha :) You seem to be pissed off with sick-cock's PIG-Firewall, don't you ;)