The Myth of Security is Layers
-
When talking with a customer you bring up this term when they say something like "Do I need a firewall or antivirus?"
-
@mike-davis said in The Myth of Security is Layers:
When talking with a customer you bring up this term when they say something like "Do I need a firewall or antivirus?"
I wouldn't because it means nothing. It's a FUD term. If they knew what it meant, they'd point out that they already have layered protection. Since they already have the thing that you are saying that AV or firewall's provide, it would have the reverse effect.
-
@scottalanmiller said in The Myth of Security is Layers:
@mike-davis said in The Myth of Security is Layers:
When talking with a customer you bring up this term when they say something like "Do I need a firewall or antivirus?"
I wouldn't because it means nothing. It's a FUD term. If they knew what it meant, they'd point out that they already have layered protection. Since they already have the thing that you are saying that AV or firewall's provide, it would have the reverse effect.
eh - hold on... Just because you have layered security, doesn't mean you have the additional layers that AV and a firewall add. In that case, they'd simply be additional layers on the layers that you already layered together.
-
How many times can I say layers.
-
@dashrender said in The Myth of Security is Layers:
How many times can I say layers.
Layered discussions come in layers.
-
Shrek: For your information, there's a lot more to ogres than people think.
Donkey: Oh, you leave 'em out in the sun, they get all brown, start sproutin' little white hairs...
Shrek: [peels an onion] NO! Layers. -
@scottalanmiller said in The Myth of Security is Layers:
@mike-davis said in The Myth of Security is Layers:
When talking with a customer you bring up this term when they say something like "Do I need a firewall or antivirus?"
I wouldn't because it means nothing. It's a FUD term. If they knew what it meant, they'd point out that they already have layered protection. Since they already have the thing that you are saying that AV or firewall's provide, it would have the reverse effect.
Your client and mine are probably very different. I have to take the time to explain that just because they have a firewall doesn't mean they don't need antivirus.
-
@mike-davis said in The Myth of Security is Layers:
@scottalanmiller said in The Myth of Security is Layers:
@mike-davis said in The Myth of Security is Layers:
When talking with a customer you bring up this term when they say something like "Do I need a firewall or antivirus?"
I wouldn't because it means nothing. It's a FUD term. If they knew what it meant, they'd point out that they already have layered protection. Since they already have the thing that you are saying that AV or firewall's provide, it would have the reverse effect.
Your client and mine are probably very different. I have to take the time to explain that just because they have a firewall doesn't mean they don't need antivirus.
Sure, I totally get needing to explain that they serve different purposes, but saying they are layers doesn't really help them understand things. If anything, it might make them think they can/should do without one or the other because, meh, I only need one layer of protection, not two or more.
-
@dashrender said in The Myth of Security is Layers:
@mike-davis said in The Myth of Security is Layers:
@scottalanmiller said in The Myth of Security is Layers:
@mike-davis said in The Myth of Security is Layers:
When talking with a customer you bring up this term when they say something like "Do I need a firewall or antivirus?"
I wouldn't because it means nothing. It's a FUD term. If they knew what it meant, they'd point out that they already have layered protection. Since they already have the thing that you are saying that AV or firewall's provide, it would have the reverse effect.
Your client and mine are probably very different. I have to take the time to explain that just because they have a firewall doesn't mean they don't need antivirus.
Sure, I totally get needing to explain that they serve different purposes, but saying they are layers doesn't really help them understand things. If anything, it might make them think they can/should do without one or the other because, meh, I only need one layer of protection, not two or more.
Right, that was my point, you risk anyone saying "oh good, so I already have layers".
-
Just because they are things you should already have in place doesn't mean it can't be referred to as a layer.
You certainly don't need a firewall or antivirus to function.
-
@tim_g said in The Myth of Security is Layers:
Just because they are things you should already have in place doesn't mean it can't be referred to as a layer.
You certainly don't need a firewall or antivirus to function.
OK fine, but really, what benefit do you gain by calling it a layer? I've given you one of the detriments.
-
@dashrender said in The Myth of Security is Layers:
@tim_g said in The Myth of Security is Layers:
Just because they are things you should already have in place doesn't mean it can't be referred to as a layer.
You certainly don't need a firewall or antivirus to function.
OK fine, but really, what benefit do you gain by calling it a layer? I've given you one of the detriments.
None. Just sayin.
-
I see what you're saying. What's the alternative then? How do you explain to a non technical client you need a firewall at the gateway and a firewall on the computer?
-
@mike-davis said in The Myth of Security is Layers:
I see what you're saying. What's the alternative then? How do you explain to a non technical client you need a firewall at the gateway and a firewall on the computer?
Has nothing to do with layers. They serve completely different functions.
-
@tim_g said in The Myth of Security is Layers:
Has nothing to do with layers. They serve completely different functions.
Correct. What analogy would you use to talk to a non technical person about all the things we do in the name of security?
-
@mike-davis said in The Myth of Security is Layers:
I see what you're saying. What's the alternative then? How do you explain to a non technical client you need a firewall at the gateway and a firewall on the computer?
Well ideally you don't explain technical things to non-technical people, that's why you are there, to do the tech pieces. Any need to explain tech to people who don't know tech means the business has failed.
Once in that failed position, the only real option is "because they aren't teh same thing and you need both, do you want to be secured or not"?
-
@mike-davis said in The Myth of Security is Layers:
@tim_g said in The Myth of Security is Layers:
Has nothing to do with layers. They serve completely different functions.
Correct. What analogy would you use to talk to a non technical person about all the things we do in the name of security?
Mention examples from non-tech perhaps.
Like a store. Do you lock the door? Yes. Do you still hire a guard? Yes. Do you still have an alarm? Yes. Do you still call the cops if those things fail? Yes.
If AV means you don't need a firewall, then doesn't a door lock mean you don't need a guard or cops or alarms? Same thing here... each does a different function. Just because you locked the front door doesn't mean that you can not also lock the safe or employ a guard or have an alarm.
-
IDK, Has anyone here ever watched Mad Men?
Its not a "wheel"... its a "time machine".
-
Also @scottalanmiller I am not so sure you are right. The government has at least layers of firewall you have to hack down before you gain access...
-
"Just cracked the out layer" and he is going to start an "Intrusion Inspection"