|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: How to get better security people
<snip> > What is the right mindset for ISP security. It seems to be a little > different from the traditional security mindset found in the corporate > or military security world. A lot of sharp people with that background > try to move into ISP security, but they often have a difficult time > making the transition. ISPs are often in the position of having almost a conflict of interest when compared to enterprises. The idea of the Internet (and therefore ISPs) is about openness and the ability to connect to anything, anywhere. Enterprises must take almost the opposite stance of "deny all that which is not expressly permitted". ISPs have many customers and each customer has their own opinion about security. How many posts did we have recently asking which providers were filtering things like port 80 and port 25? The sad fact is that mucking up what was intended to be an open network drives away customers and there will always be someone else down the street waiting to take the customer's money who won't do it. I struggle with this myself. I don't like the idea of having routers with huge, complicated access lists all over the network. But I don't like the idea of being hammered by a DoS attack either. So, I suggest that the *best* security people are those that can actually quantify risks vs benefits, and who approach things with an "even keel". I've talked with companies that think the primary job qualification for security professionals is that they be obnoxious, ill-tempered, bark at people for no apparent reason, and write nazi-like policies that stand no chance of being adhered to. Bottom line: There is a business to run. Security people who don't understand that are worthless in my opinion, no matter how technically savvy they are. > But are the students really getting the right training for working in > a public network such as an ISP? You can lead a horse to water, but you can't make him drink. The best forum for security education is trial by fire. -- Tim Irwin, Sr. Network Engineer Architecture & Engineering BellSouth.net, Inc. e-mail: [email protected] office: 678.441.7951 "The plain and simple truth is rarely plain and never simple." --Oscar Wilde
|