The credit card client seemed to feel there wasn't any real security experience or expertise here. I suggested we define that in practical terms. First, every nation on the planet has documented a profound relative lack of so-called internet security expertise. Bearing in mind the public web's only been around for about 6 or 7 years, how do we define "expertise"? That client founded, operated and sold off an ISP. I wonder if he's considered an "ISP expert"?
If the "science" of web security is such a well established discipline of walking thru the yellow pages, why don't you and I know the names of the top ten firms or people who are the cream of the crop? Right now, if you have an e-security emergency, you'd be tempted to hire a hacker or two (with or without a criminal record) to assess and stop the intrusions. If this weren't so, you (the client) and I wouldn't be having this conversation.
In any case, what about a good start-up web security system?
First, a preamble (also known as a helpful hint): when it comes to internet security, the biggest thing the man-on-da-street has trouble graspin' is that IT IS AN ON-GOING OPERATION, ya know what i mean? it's like the difference between a fence and a night watchman... when it comes to your corporate intranet... the books... da secret info, etc... do ya want just a fence? or just a night watchman? or both?
we can come in and just set up a fence (firewall)... but, what happens if the hacker brings a pair of wire cutters with him? and you can take the analogy a lot further if ya like... how high a fence, etc... but, no matter what kinda fence you build, if someone wants in bad enough....
that's why i strongly suggest that no one ever buy a firewall off the shelf... that's like buying a picket fence... hehehe.... not only that, but the fence will d-tear-e-or-ate... within 30 days.
thus, the need for a fencengineer... someone to keep the barrier strong... and if the fencengineer can also act as a night watchman - double bonus... that is because we are the fencengineers, that are human... well, we can see... and think, etc... and put the patches in da firewall, watch the traffic in and out, set-up routing tripwires, and on and on... why, the last time i caught a hacker it was cause i saw him loggin... i watched him with my own eyes.
i'd like to be able to explain all the things we do as fencengineers... but as you can see, there are many, many, many things that i can "notice"... and it's not just one person... it's many... we have plenty o' friends on patrol....
as to our conversations about credit card transactions, etc.: 1) if you have a great firewall and great firewalligists keeping it strong, you can feel pretty safe on your intranet 2) at least for now... don't have any wires connecting your "most important information" to the internet... unless you are prepared to face the con-sick-quenches
so, on with an example of what "it" costs... this was a low-ball offer, cause we want the business... and we have to bid against people who are only selling the fences... not maintaining them... and i can not sell a fence to someone when i know it will fall apart within the month... and when i know it won't do the job by itself... ya need the night watchman... it's the wild west out here
that said, here is an example of a security-laced web start-up service kit:
a typical proposal for a mid-size outfit... these people happen to be a chain of like 30 grocery stores... they wanna hook up their corp. headquarters to the internet
Website/Access Proposal
I. Website upgrade:
Web pages similar to the hard copy supplied by client shall be created and added to client.com domain.
A. Graphics are to be provided in jpeg format by The Customer. GWCC will provide up to one hour consultation to aid in this process at no additional charge.
B. Marketing
1. Marketing within our 80+ domain names (such as philanet.com, buylow.com and familyshopping.com), which includes links from appropriate businesses and community indexes, as well as banner bar advertising campaigns. Traffic will be monitored by our webmaster and marketing specialist with the intent of driving potential customers to your site.
2. Additional marketing will consist of, but not be limited to, the following:
a. Posting to appropriate search engines, directories, newsgroups, hotlists, business guides, and other indexing services.
b. Applying for award recognition at sites such as Magellan, Looksmart and Net guide.
c. Print, radio and/or television advertising support.
One time set-up of $600.00
Note: All text is to be provided to us in ASCII text format (email or floppy disk).
II. ISDN:
An unmetered high-speed (approximately 128 Kbps) line, including necessary hardware and software connecting The Customer's headquarters to the Internet will be provided.
A. The monthly usage charge - $301.50
B. Hardware and set-up - $4191.70
III. Administration
A. Email
1. $1.00 per account per month
2. 30 email boxes
B. Security: A firewall for the ISDN connection will be established at GWCC's location.
1. Set-up - $5,500
2. Monthly maintenance - $680.00
Note: 180 day notice required prior to cancellation.
now, once you have da right firewall and the on-going, you still may wanna be real careful with some things...