Options
Bosses want to send raw Pix configurations to outside ISP
jfmcaninch
Member Posts: 54 ■■□□□□□□□□
in Off-Topic
Hi All,
My bosses want me to send 5 raw pix's configuration to an ISP company, unprotected, to provide us an assessment of our security and firewall protection. They were engaged to quote on a new WAN, LAN (switches only) solution and data center requirements. I don't see the point on why they need these configurations to do a quote, they could just ask me more specific questions like licensing etc. The ISP has not signed a confidentially agreement and most likely we will be choosing some else for WAN services, but my bosses are trying to appease the President of the company.
I have protested that this is highly confidential and sensitive to our company and should not be distributed w/o a confidentiality agreement or signed contract to use their services.
I told my bosses that I accept no responsibility for network breaches from the Internet if they release these documents.
Am I right or missing the mark? Has anybody else had bosses like this?
My bosses want me to send 5 raw pix's configuration to an ISP company, unprotected, to provide us an assessment of our security and firewall protection. They were engaged to quote on a new WAN, LAN (switches only) solution and data center requirements. I don't see the point on why they need these configurations to do a quote, they could just ask me more specific questions like licensing etc. The ISP has not signed a confidentially agreement and most likely we will be choosing some else for WAN services, but my bosses are trying to appease the President of the company.
I have protested that this is highly confidential and sensitive to our company and should not be distributed w/o a confidentiality agreement or signed contract to use their services.
I told my bosses that I accept no responsibility for network breaches from the Internet if they release these documents.
Am I right or missing the mark? Has anybody else had bosses like this?
Currently studying for 70-410 hoping to write June 2016 with end goal of MCSE:Server Infrastructure
Comments
-
Options
Paul Boz
Member Posts: 2,620 ■■■■■■■■□□
Security audits are nothing new. The fact that there's no confidentiality agreement or anything is weird though.CCNP | CCIP | CCDP | CCNA, CCDA
CCNA Security | GSEC |GCFW | GCIH | GCIA
pbosworth@gmail.com
http://twitter.com/paul_bosworth
Blog: http://www.infosiege.net/ -
Optionsblackmage439
Member Posts: 163
I agree with you both.
Your company has no knowledge or garauntee who will be handling the PIX configs over at the ISP. This is inherently dangerous, with or without a confidentiallity agreement. I don't think your "big-wigs" fully understand the consequences of their actions..."Facts are meaningless. They can be used to prove anything!"
- Homer Simpson -
Options
RussS
Member Posts: 2,068 ■■■□□□□□□□
Does the term IDIOTS ring a bell
www.supercross.com
FIM website of the year 2007