Dialogue on Web Security

The Amorphous Moral to The Story


The credit card client seemed to feel there wasn't any real security experience or expertise here. I suggested we define that in practical terms. First, every nation on the planet has documented a profound relative lack of so-called internet security expertise. Bearing in mind the public web's only been around for about 6 or 7 years, how do we define "expertise"? That client founded, operated and sold off an ISP. I wonder if he's considered an "ISP expert"?

If the "science" of web security is such a well established discipline of walking thru the yellow pages, why don't you and I know the names of the top ten firms or people who are the cream of the crop? Right now, if you have an e-security emergency, you'd be tempted to hire a hacker or two (with or without a criminal record) to assess and stop the intrusions. If this weren't so, you (the client) and I wouldn't be having this conversation.

In any case, what about a good start-up web security system?

First, a preamble (also known as a helpful hint): when it comes to internet security, the biggest thing the man-on-da-street has trouble graspin' is that IT IS AN ON-GOING OPERATION, ya know what i mean? it's like the difference between a fence and a night watchman... when it comes to your corporate intranet... the books... da secret info, etc... do ya want just a fence? or just a night watchman? or both?

we can come in and just set up a fence (firewall)... but, what happens if the hacker brings a pair of wire cutters with him? and you can take the analogy a lot further if ya like... how high a fence, etc... but, no matter what kinda fence you build, if someone wants in bad enough....

that's why i strongly suggest that no one ever buy a firewall off the shelf... that's like buying a picket fence... hehehe.... not only that, but the fence will d-tear-e-or-ate... within 30 days.

thus, the need for a fencengineer... someone to keep the barrier strong... and if the fencengineer can also act as a night watchman - double bonus... that is because we, the fencengineers, are human... well, we can see... and think, etc... and put the patches in da firewall, watch the traffic in and out, set up routing tripwires, and on and on... why, the last time i caught a hacker it was cause i saw him loggin' in... i watched him with my own eyes.

i'd like to be able to explain all the things we do as fencengineers... but as you can see, there are many, many, many things that i can "notice"... and it's not just one person... it's many... we have plenty o' friends on patrol....
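As an added illustration of the fence-versus-watchman point above (example code written for this edit, not from the original dialogue; the log format, addresses and thresholds are all constructed), the fence is a static port filter, and the watchman is a tripwire that looks at everything the fence saw, passed or dropped:

```python
from collections import defaultdict

# Constructed sample connection log (not real data): "src dst_port outcome".
SAMPLE_LOG = """\
203.0.113.7 80 ok
203.0.113.7 443 ok
203.0.113.9 21 ok
203.0.113.9 22 fail
203.0.113.9 22 fail
203.0.113.9 22 fail
203.0.113.9 23 ok
203.0.113.9 25 ok
198.51.100.4 80 ok
198.51.100.4 22 ok
"""

# The fence: the firewall's static rule, the ports the headquarters link passes.
ALLOWED_PORTS = {22, 80, 443}

def parse_log(text):
    """Turn the log text into (src, port, outcome) tuples."""
    events = []
    for line in text.splitlines():
        src, port, outcome = line.split()
        events.append((src, int(port), outcome))
    return events

def apply_fence(events):
    """Static filter: split events into those the firewall passes and drops."""
    passed = [e for e in events if e[1] in ALLOWED_PORTS]
    dropped = [e for e in events if e[1] not in ALLOWED_PORTS]
    return passed, dropped

def watchman(events, probe_limit=3, fail_limit=3):
    """Tripwires over the traffic in and out: a source touching many distinct
    ports (feeling for a gap in the fence) and a source repeatedly failing to
    log in on a port the fence allows. Thresholds are assumed values."""
    ports_by_src = defaultdict(set)
    fails_by_src = defaultdict(int)
    for src, port, outcome in events:
        ports_by_src[src].add(port)
        if outcome == "fail" and port in ALLOWED_PORTS:
            fails_by_src[src] += 1
    return {
        "port_probe": sorted(s for s, p in ports_by_src.items() if len(p) >= probe_limit),
        "login_failures": sorted(s for s, n in fails_by_src.items() if n >= fail_limit),
    }

if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    passed, dropped = apply_fence(evs)
    print(f"fence passed {len(passed)}, dropped {len(dropped)}")
    print("watchman alerts:", watchman(evs))
```

Run the watchman only over what the fence passed and the port probe disappears: the dropped packets are where the wire cutters show up.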

as to our conversations about credit card transactions, etc.: 1) if you have a great firewall and great firewalligists keeping it strong, you can feel pretty safe on your intranet; 2) at least for now... don't have any wires connecting your "most important information" to the internet... unless you are prepared to face the con-sick-quenches

so, on with an example of what "it" costs... this was a low-ball offer, cause we want the business... and we have to bid against people who are only selling the fences... not maintaining them... and i cannot sell a fence to someone when i know it will fall apart within the month... and when i know it won't do the job by itself... ya need the night watchman... it's the wild west out here

that said, here is an example of a security-laced web start-up service kit:

a typical proposal for a mid-size outfit... these people happen to be a chain of like 30 grocery stores... they wanna hook up their corp. headquarters to the internet

Website/Access Proposal

I. Website upgrade:

Web pages similar to the hard copy supplied by client shall be created and added to client.com domain.

A. Graphics are to be provided in jpeg format by The Customer. GWCC will provide up to one hour consultation to aid in this process at no additional charge.
B. Marketing
1. Marketing within our 80+ domain names (such as philanet.com, buylow.com and familyshopping.com), which includes links from appropriate businesses and community indexes, as well as banner bar advertising campaigns. Traffic will be monitored by our webmaster and marketing specialist with the intent of driving potential customers to your site.
2. Additional marketing will consist of, but not be limited to, the following:
a. Posting to appropriate search engines, directories, newsgroups, hotlists, business guides, and other indexing services.
b. Applying for award recognition at sites such as Magellan, Looksmart and Net guide.
c. Print, radio and/or television advertising support.

One time set-up of $600.00

Note: All text is to be provided to us in ASCII text format (email or floppy disk).

II. ISDN:

An unmetered high-speed (approximately 128 Kbps) line, including necessary hardware and software connecting The Customer's headquarters to the Internet will be provided.
A. The monthly usage charge - $301.50
B. Hardware and set-up - $4191.70

III. Administration

A. Email
1. $1.00 per account per month
2. 30 email boxes
B. Security: A firewall for the ISDN connection will be established at GWCC's location.
1. Set-up - $5,500
2. Monthly maintenance - $680.00
Note: 180 day notice required prior to cancellation.

now, once you have da right firewall and the on-going maintenance, you still may wanna be real careful with some things...

