So what kind of VAR/VAP are you?

On October 29, 2004, in Security, by

I was on the phone earlier tonight talking to a gentlemen about security and the impact of it on the Value Added Reseller and Value Added Provider marketplace.  As I was talking to the gentlemen, he was saying that consultants tended to install the networks and then just go on to the next network.  Hmmm… not the consultants that I hang around with.  Sure there is always the revenue from the new projects, but networks need maintenance.

Now before you say, well that’s because you run a Windows network.  No.  It’s because I run a NETWORK, period.  A living, organic, working environment that needs vigilence. 

Today in the Encase, Computer forensics class, the instructor was asking one of the students about his position and the student said that most of the time his job included “firewalls”.  So the instructor said well you probably just set them up once, right?  And the student said, “No actually on a regular basis we have to examine intrusion attempts, ensure that remote access to the network has only been done by authorized employees”.  You don’t just set things up and walk away. 

Take today for example, I got a couple of alerts about Bagle varients, next month, second Tuesday we will have another Patch day to review the patches for, and on a regular basis, I would argue that you should make sure that no one has changed the network you have configured.  To ensure that a network is secure, passwords and passphrases should  be changed, the network should be scanned for rogue wireless access points, to just make sure that everything is as you left it.

Look around us.  What we consider to be secure today will not be secure tomorrow.  Already RSA has announced a Small Business push for two factor authentication.  May of the folks in the class that worked for larger firms already do this.  That’s something I’m interested in checking out.

Think about the last few years.  What we take for granted now, we did nothing like this a few years ago.  Look at just what happened Thursday in the USA.  A law went into affect called “Check 21”.  No longer will you be getting copies of your paper cancelled checks, instead you will get a “digital” image.  This of how much we email, fax, send electronically, order over the web now than we did a few short years ago.

You know what this business is like, the things you did ten years ago, five years ago are not what you do now.  Heck, did we even know what Voice Over IP was a few years ago?  And now more and more businesses are intregrating it into their networks. 

Security is not an end goal.  It’s a process.  We don’t get a map, a final destination, it’s like life…. we keep growing, learning, changing, evolving.

Over the last four days, I used computer tools to search for emails that were deleted, for documents printed.  I remounted drives that were fdisked.  I made hashes of certain files that I was looking for and ran an exam against the hard drive to see if those files that weren’t supposed to be on that hard drive, were in fact, on there.  I learned that as we were there using the Internet on our lab machines, traces of our activity, our email from our offices were leaving there traces in our Internet temp files [just another reason to never use Internet kiosk machines to check email and to only use your own computer], that while one piece of circumstancial evidence might be explained away, that the patterns and history I was finding left trails behind.

Our “digital lives“ need constant attention.  Setting networks up, of any flavor, whether Linux or Small Business Server flavors, is not just about setting them up securely right NOW.   Keeping safe on the Digital Information SuperHighway age means that you will reevaluate that network on a regular basis.

Heck look at me now, sitting in a hotel room, connected wirelessly typing up this hopefully somewhat coherent post.  It wasn’t too long ago that I was pretty much dialing up on the road.  I haven’t used the phone cable in my laptop bag in ages. 

So getting back to the point of this rambling post, I don’t think you guys just set up networks and walk away.  I think more of you guys out here are the other kind of VAR/VAP.  The one who is the Outsourced Chief Information Officer and not just “the guy [or gal] who installed the network“.


One Response to So what kind of VAR/VAP are you?

  1. Susan, you hit the nail on the head; "outsourced" CIO. We are SmB CIOs2GO. Yes many of us are the "guy/gal who installed the network." I believe these are even better. The CIO doing the work will notice "hey wait a minute I didn’t realize they actually had 4 different workgroups!" (MShome, Workgroup, Office, xyzCompany)! The Jr. Tech guy/gal might not even notice this is causing have the issues with printers needing authentication.

    I Did a Stage #1 Quick Fix yesterday for a new client. I made an inaugural backup of their beloved DataBase. I also backed up all workstations. Next, I mapped the various ports to the corresponding patch panel and switch. Found a Netgear FVS318 installed with the default admin/pwd. 1 pain point was backup…temporally solved; 2 pain point was printer names that weren’t very descriptive….partially solved; Expanding…I didn’t waste my time or their DIME renaming all 6 desktops and joining them to 1 ‘ONE’ workgroup. I as the outsourced CIO would rather educate the client and spend their money once while upgrading their network to SBS03. This is a non-profit and they are either moving in the direction of this oCIO or they are going to being firing me. 🙂

    Have you seen the CryptoCard package? Pretty sweet! They appear to be going after RSA.

    eWeek article:

    Thanks for blogging from Encase.

    SBS03 Rocks!!!