The problem is not that these companies are not employing
data/network/computer security people, it's the people that they are
employing. I have seen several companies where the security admin was
(or still is) the mainframe security admin (AKA RAC-F programmer). Most
of the mainframe security people that I have dealt with have been
clueless about PCs and LANs (No, not you! Don't get all fired up) -
generally in organizations where they feel it is cost effective to pay a
50% premium for a "Compaq" or "IBM" sticker on a PC. Many "big
business" companies have yet to figure out that PCs and mainframes are
completely different animals and need to be approached with a different
state of mind.
Whether to use a COTS or home-brew firewall is a business decision.
Having a security admin that is not thoroughly familiar with the
PC/Mainframe is as stupid as having a CIO that barely knows how to turn
on a computer (don't laugh, I can name a few of them).
- just my 25000 bits worth
>From: Benedikt Stockebrand[SMTP:benedikt @
>Sent: Saturday, August 17, 1996 8:12 AM
>Cc: Firewalls Mailing list
>Subject: Re: No More Unlimited User Licenses Please...
>Russ <Russ .
>> And please don't jump on me saying you can do it yourself
>> cheaply; education costs, book costs, software costs, hardware costs,
>> labor costs (even if it is one of your own employees), then add the cost
>> of the risk that it hasn't been done properly, then add the costs
>> associated with losing the person who rolled it....it adds up and can be
>> just as expensive if not more than buying a premade solution.
>This all surely holds for small companies with moderate security
>problems. But these expenses may be a minor problem: From a certain
>size on any reasonable company with serious security concerns will
>consider a ``computer/network security expert'' a cheap insurance (as
>compared to ``physical'' security personnel for example). Rolling
>your own firewall gets you a better understanding than using pre-built
>stuff, provided you've got the time to do it properly. But big
>business may be unable to wait for your hand-rolled firewall to go
>operational. Time is money, and sometimes lots of it.
>Ben(edikt)? Stockebrand Runaway ping.de Admin---Never Ever Trust Old