  1. #1
    Join Date
    Oct 2002
    Location
    Dublin
    Posts
    17

    * Server and Security Management $25

    $25 per month www.theboxnetwork.net/consulting.php

    Hello, my name is Tom from The Box Network Global Internet Solutions. We have introduced a new service after being asked for it many times, as people saw we were offering it with our 2GHZ dedicated servers for 170 a month at EV1.

    Security is a must in this day and age. No longer are "hackers" aiming for random targets; hacking scripts, mass routers and rootkits are getting more advanced and a lot easier to use. Instead of aiming for one server, a "hacker" can now scan full A, B and C class subnets of IPs for a certain root vulnerability or many root vulnerabilities. Your server could be on the C class which he scans, and because you have not updated something simple like your openssl or openssh server you could be hacked, all your information destroyed, and your server used for malicious attacks against other users! This is not sci-fi; it happens all the time. We can secure and protect your server and also manage it for a low monthly fee. You will then have the peace of mind that you have not been hacked and you will not be hacked. You will also have the reassurance that we will also install any server updates which you may need at your request. You will receive a security report when you first sign up for this service, and the monthly fee is $25 a month.

    Server and Security Management includes:

    Firewall Install
    Packet Filtering Install
    24/7 Monitoring
    Security Check
    Virus Check
    Software upgrades
    Server Lockdown
    Security Audit
    Security Report (emailed to you)
    Netcraft block


    Regards

    Tom

    www.theboxnetwork.net

  2. #2
    will i know for sure i'm not going to get hacked?
    * Rusko Enterprises LLC - Upgrade to 100% uptime today!
    * Premium NYC collocation and custom dedicated servers
    call 1-877-MY-RUSKO or paul [at] rusko.us

    dedicated servers, collocation, load balanced and high availability clusters

  3. #3
    Join Date
    Oct 2002
    Location
    Dublin
    Posts
    17
    For all known remote flaws, yes. We also have an active research group (data tap security), also run by The Box Network, whose research group picks up tons of unknown flaws before they are released.

    Regards

    Tom

  4. #4
    Join Date
    Sep 2002
    Posts
    522
    What exactly does 24/7 monitoring include??? Just security monitoring, or all the processes running on the server? I know you are focused on security but I'm checking to see whether if I contract with you I can stop monitoring the server myself since it says you manage the server in the post as well.

    You also state that you install server updates upon our request. If a vulnerability comes up, do you patch right away, or do you wait for me to tell you I need it installed? Or is the per request feature just for things like installing the newest versions of php or something else that could possibly break our control panel?

    Do you actively monitor the server 24/7? What if my server is getting hit with a ddos at 3:00am?

    How long have you been doing this?
    How many servers do you currently handle security for?
    How many admins do you have working on these ___amount of servers?

    I'm trying to make sure that my server will not be number 237 to be patched with only 4 techs working on it.

    Thanks

  5. #5
    after you do the initial audit, will i know for sure i haven't been hacked before?
    * Rusko Enterprises LLC - Upgrade to 100% uptime today!
    * Premium NYC collocation and custom dedicated servers
    call 1-877-MY-RUSKO or paul [at] rusko.us

    dedicated servers, collocation, load balanced and high availability clusters

  6. #6
    Greetings:

    From reviewing http://www.theboxnetwork.net/consulting.php, it looks like you are installing open source technology to install a software-based firewall and port scanner.

    The ending result looks like an unmanaged firewall with no intrusion detection system (IDS).

    The domain name, theboxnetwork.net, was registered this May.

    I congratulate you on starting this brand new business, but most companies in this space who have the experience and know how for what they are doing charge a minimum of $1,000 per month to provide managed firewall services. Even "unmanaged firewall" services usually run several hundred dollars per month.

    The typical server administrator worth their salt gets paid at least $40,000 per year plus benefits, which typically translates to $50,000 per year (when you add in the dollar value of benefits).

    This is in the $25 per hour range.

    Certified security personnel are generally paid $75,000 per year to start, and experienced individuals can easily command $150,000 per year.

    With benefits that translates to $45 to $90 per hour.

    Given that the hourly wages a full-time, full-benefits employee could make range from $25 to $90 per hour (given they do have the experience) and that companies often charge $100 to $325 per hour (several hundred to several thousand per month), I can only imagine what is given and not given for a mere $25 per month.

    Most of the experts in this industry not only charge what they charge because of their expertise; they also have errors and omissions insurance, EDS insurance, general liability insurance, and potentially are even bonded for each job.

    At a mere $25 per month compared to what the proven experts charge, I cannot imagine you are also covered with the appropriate insurances.

    Since September 11, 2001 there has been a cry for increased security, so I can see the desire of people like yourself to open a brand new business to meet the need.

    However, I am caused to wonder about what one is really getting and the liabilities of what they are getting or not getting given the mere $25 per month.

    Thoughts? Comments?

    Thank you.
    Last edited by pmabraham; 10-31-2002 at 06:56 PM.

  7. #7
    Join Date
    Sep 2002
    Posts
    522

  8. #8
    Join Date
    Oct 2002
    Location
    Maryland
    Posts
    89
    I would have to agree with the posts above.

    I am a security Specialist, and I believe they said $25 a month for managed firewall service? Umm, OK if you can and want to work for $25 a pop go for it, but if you have the experience and know how I would seriously doubt the pricing. I work for a Large Tier1 ISP and in no way can I see $25 a month for managed firewall, updates, etc.

  9. #9
    Join Date
    Oct 2002
    Location
    Maryland
    Posts
    89
    Also...http://www.google.com/search?q=%22da...ff&sa=N&tab=iw
    no links in google at all for data tap security

  10. #10
    Join Date
    Oct 2002
    Location
    Dublin
    Posts
    17
    Originally posted by 7out
    What exactly does 24/7 monitoring include??? Just security monitoring, or all the processes running on the server? I know you are focused on security but I'm checking to see whether if I contract with you I can stop monitoring the server myself since it says you manage the server in the post as well.
    Yes, The Box Network will monitor your server 24 hours a day. How we do this is by installing psad with bastille on your box, if it is Linux of course, so whenever a scan or a ping hits your server a log goes straight into our mail boxes. Now you might think to yourself we don't check our mail 24/7. I can tell you this: we have a lot of custom, we have 3 partners working for us, one in Ireland (that's me, I am the founder of The Box Network by the way), one in the U.S. and one in Switzerland. This is our living, not a hobby; there is always someone monitoring our servers and our network.

    Originally posted by 7out
    You also state that you install server updates upon our request. If a vulnerability comes up, do you patch right away, or do you wait for me to tell you I need it installed? Or is the per request feature just for things like installing the newest versions of php or something else that could possibly break our control panel?
    We patch right away, most of the time before security sites even know of the flaw. We run various research projects, get a lot of code from the wild etc.... we are in tune with the goings-on of the security industry.

    Here's a small list from one of our databases of various rubbish and slime taken from the wild. A lot of the code near the end has never even seen cert.org
    (just words no files)
    http://www.theboxnetwork.net/honey.txt

    Originally posted by 7out
    Do you actively monitor the server 24/7? What if my server is getting hit with a ddos at 3:00am?
    DDoS attacks will be filtered and icmp response will be blocked to your box, so when someone pings your box it will always time out. I have done this for shell providers in the past and this sorted a lot of their dos problems.

    Originally posted by 7out
    How long have you been doing this?
    How many servers do you currently handle security for?
    How many admins do you have working on these ___amount of servers?
    I have been doing security consulting for over five years. I can't tell you how many servers I manage. I can tell you the servers below are mine and are secured by me.

    Scan, ping and do whatever you want to test the hosts.

    lucky.theboxnetwork.net
    bucky.theboxnetwork.net
    money.theboxnetwork.net

    There are only 3 admins in our security section. The support system has about five people covering it, with myself and Aaron on most of the time. I like to have an owner of the company online at all times.

    Originally posted by 7out
    I'm trying to make sure that my server will not be number 237 to be patched with only 4 techs working on it.
    I want your money, I want to keep getting your money every month. I want you to be happy and stay with my service. You will get a great service you will not just be a number.

    Regards

    Vline
    www.theboxnetwork.net

  11. #11
    Join Date
    Oct 2002
    Location
    Dublin
    Posts
    17
    .
    Last edited by Vline; 10-31-2002 at 06:01 PM.

  12. #12
    Join Date
    Oct 2002
    Location
    Dublin
    Posts
    17
    Hey guys

    A lot of posts about the price and stuff. I am not offering a complex service; it states what I am offering. If you look at our Netcraft info you will see the site was first registered in 2001. We have really only been hosting since this May, yes. I do not want to stand trial here; lots of people use this service. If you don't want it, don't get it. It's really good value for new hosts who want someone who has experience with unix and a security background. That's all I have to say.

    Regards

    Tom.

  13. #13
    Greetings:

    1. Can you please respond to my first post?

    2. "Yes The Box Network will monitor your server 24 hours a day. How we do this is by installing psad with bastille on your box if it is linux of course so whenever a scan or a ping hits your server a log goes straight into our mail boxes."

    A. This does nothing to monitor the server being up or down, server performance, database availability, content hacking, etc.

    B. PSAD provides a lot of false alerts, and only shows port scans which may or may not be innocent.

    So you have no firewall management being done by your response, and no managed intrusion detection system.

    You are relying on passive methods which may allow a hacker to get in, compromise or destroy, and get out before you and your associates even know about it.

    "We patch right away most of the time before security sites even know of the flaw we run various research projects get a lot of code from the wild etc.... we are in tune with the goings-on of the security industry."

    What is your service level agreement for security patch application?

    Do you have a guarantee about installing patches within a certain time period?

    What happens when that guarantee is not met?

    Do you have E&O insurance to cover the financial cost that your customers may go through in case you and your associates totally destroy their system out of negligence, fraud, or neglect?

    Has your company ever been turned down for being bonded?

    Has your company ever been bonded?

    "we have 3 partners working for us one in Ireland"

    How many individual people are on the actual support team?

    Three?

    What time zones?

    Do you work separate shifts?

    Is a human being accessible 24x7x365 within seconds?

    Do you have a guaranteed response time? What is that guarantee?

    What can your customer expect when you don't meet the guarantee?

    Do you have a service level agreement that covers response time?

    What does your service level agreement state on this issue?

    Thank you.

  14. #14
    Join Date
    Oct 2002
    Location
    Dublin
    Posts
    17
    No, I could not be bothered to be honest, I think I would be wasting my time, buddy. Any other people interested in the service, you know where to find it.

    Regards

    Tom

    www.theboxnetwork.net
    Last edited by Vline; 10-31-2002 at 06:11 PM.

  15. #15
    Join Date
    Oct 2002
    Location
    Dublin
    Posts
    17
    Originally posted by rusko
    after you do the initial audit, will i know for sure i haven't been hacked before?
    Yes you will.

  16. #16
    Join Date
    Oct 2002
    Location
    Dublin
    Posts
    17
    Originally posted by Just_Kp
    I would have to agree with the posts above.

    I am a security Specialist, and I believe they said $25 a month for managed firewall service? Umm, OK if you can and want to work for $25 a pop go for it, but if you have the experience and know how I would seriously doubt the pricing. I work for a Large Tier1 ISP and in no way can I see $25 a month for managed firewall, updates, etc.

    So if a lot of people started doing this would you lose a lot of business?

  17. #17
    Greetings:

    "A lot of posts about the price and stuff I am not offering a complex service"

    What do the experts deliver for $1,000 or more per month that you do not deliver for $25 per month?

    What are your customers who pay $25 per month not getting compared to the $1,000+ month companies?

    If a certified security specialist is able to command $75,000 to $150,000 per year not including full benefits, why do you feel $25 per month represents the value of your company?

    Certainly you cannot have the experience of someone who is certified and able to get at least $75,000 per year PLUS benefits because at $25 per month per server you would have to be able to support 313 servers to break even on your old job (so to speak).

    Supporting 313 servers with one person (it is 939 with three people of the same experience because they need to get paid too) by reviewing PSAD emails even with a toilet for a seat, a refrigerator next to you, etc. is not humanly possible given that any one server can have PSAD generating hundreds of emails per day (sometimes per hour).

    I'm sorry if these posts are harsh, but after September 11th, people need companies and individuals whose offerings are real and beneficial.

    Thank you.

    P.S. the example above about break even does not include what you would really have to charge (which means more servers to break even) to cover bonding, O&E insurance, EDS insurance, general liability insurance, DS-1 or faster connectivity to the Internet, your own network operations center, etc. in order to do your customer justice.

  18. #18
    Join Date
    Oct 2002
    Location
    Dublin
    Posts
    17
    Right, and you don't think offering a simple little service that will make security a lot tighter on a guy who might not know that much about unix or security is a good thing?

    I don't know guys, I have a good few customers with this service and they are pretty have.. but I know what you are talking about.

    Regards

    Tom

    www.theboxnetwork.net

  19. #19
    Greetings:

    "right and you don't think offering a simple little service that will make security a lot tighter on a guy who might not know that much about unix or security is a good thing?"

    There is an old saying, "if you are going to do something, take the time to do it right."

    There is another old saying, "measure twice, saw once."

    Both deal with the same concept that if you are going to do something, it should be done correctly.

    There is no way that your offering has any value for the customer. Here is why:

    1. If you have no service level agreements (T.O.S. DOES NOT EQUAL S.L.A.) with the customer, then the customer has no assurance they will get the consideration for which they have paid.

    2. If you do not have the proper insurances, and there is fraud, neglect, incompetence, etc. then the customer can lose more than the $25 per month they are paying.

    If you are not properly certified and do not have the necessary experience, the probability that there will be neglect (purposeful or otherwise) and incompetence is extremely high.

    If you did have the proper certifications and credentials, then you would be commanding at least $75,000 per year plus full benefits in salary... and you would not be charging $25 per month per server.

    3. As I stated earlier:

    You ==> "Yes The Box Network will monitor your server 24 hours a day.

    Response => How we do this is by installing psad with bastille on your box if it is linux of course so whenever a scan or a ping hits your server a log goes straight into our mail boxes."

    A. This does nothing to monitor the server being up or down, server performance, database availability, content hacking, etc.

    B. PSAD provides a lot of false alerts, and only shows port scans which may or may not be innocent.

    So you have no firewall management being done by your response, and no managed intrusion detection system.

    You are relying on passive methods which may allow a hacker to get in, compromise or destroy, and get out before you and your associates even know about it.

    So in ending, the customer is getting nothing and paying you $25 per month for nothing.

    They are getting the equivalent of having some one install Bastille for Linux (which comes with PSAD; both are free) on their server, and then letting the PSAD emails go in the trash can.

    Thank you.

  20. #20
    Greetings:

    "right and you don't think offering a simple little service that will make security a lot tighter on a guy who might not know that much about unix or security is a good thing?"

    Let me put it another way than what I just said.

    Let's say you went to the F.A.A., and stated for $25 per month you would sit on each flight with your paint ball gun in first class waiting to stop terrorists.

    You have no qualifications, are not licensed to carry a fire arm, have had no training, and lost most paint ball gun matches you've participated in.

    You figure you'll get first class seating, and something is better than nothing. After all the terrorists might mistake your paint ball gun for the "real thing;" and might be fooled into believing you are a certified, trained, skilled person capable of stopping them.

    Now, will the F.A.A. get their money's worth by hiring you?

    What if your "niche" was single Cessna operators. Would they get their money's worth?

    In both cases, it would be a joke because the offering has no value to the customer.

    Security is an extremely important and sensitive issue in light of September 11, 2001.

    If you are going to offer services in the security arena, know what you are doing. Know what to charge. Offer customer-oriented service level agreements. Have the right equipment. Have the proper insurance, etc.

    Don't go around with a paint ball gun stating it is better than nothing.

    Thank you.

  21. #21
    Join Date
    Oct 2002
    Location
    Maryland
    Posts
    89
    Hmm..

    I can't for the life of me see why someone would pay you $25 a month for that service. Remember the saying "You get what you pay for"? Security isn't something you should take lightly if it's on your business. The mere fact that someone is selling themselves so short shows you the reasoning for their price, I would translate that as no confidence in your knowledge or... Not too knowledgeable. I am not trying to be rude to you, but with 5 years experience, a) you should be able to be certified, and b) if you were certified you would have much better things to do than sell a $25 a month service.

    Please let us know what firewall are you installing? What monitoring are you doing? etc..

    You mention nothing of the products you plan to use, yet want people to pay you, well I can run a win2k server and you can setup Zone Alarm on it, but I don't think that will honestly do much for me..

  22. #22
    quote:
    Originally posted by rusko
    after you do the initial audit, will i know for sure i haven't been hacked before?

    Originally posted by vline
    Yes you will.
    that's bull****. it takes a day and a bottle of vodka to modify any of the popular rootkits so they wouldn't be detected by chkrootkit. in fact, they wouldn't even be detected by more advanced stuff and people that know what they are doing.

    bottom line: the only way you will know for sure that the box is clean is if you have just done a clean install of the OS from trusted/verified media, all while the network cables were unplugged.

    unlike others, i think the service is worth the $25 (i spend more on my smokes in a week). it's so dirt-cheap that anything that you do for that money (unless you are completely clueless and only make things worse) is actually a good deal. this is good for someone who has no idea about security and no money/time to invest. however, you should not give them a sense of false security. you need to explain (truthfully) the extent (limited) of assurance your service provides.

    my qualms are with the sensationalist, uneducated, imprecise and improper advertising copy. no way you can guarantee that the box is clean to begin with and no way you can guarantee that the advisories/patches are correct. bull about your 'research team' finding vulns, i bet they hang out on efnet trading 0day.

    be truthful and honest in your advertising. explain what your services do and what they don't.

    good luck,
    paul
    * Rusko Enterprises LLC - Upgrade to 100% uptime today!
    * Premium NYC collocation and custom dedicated servers
    call 1-877-MY-RUSKO or paul [at] rusko.us

    dedicated servers, collocation, load balanced and high availability clusters

  23. #23
    Join Date
    Mar 2002
    Location
    Mass
    Posts
    726

  24. #24
    Come on people. This guy is running his service on a dedicated Rackshack server running Ensim. How could you take it seriously enough to even waste time asking questions to show the problem with his 'service'? I personally can't justify the time to point out all the issues and I'll leave it at that.
    Robert McGregor
    URL: http://www.2host.com
    Email: robertm@(nospam)2host.com

  25. #25
    Join Date
    Oct 2002
    Location
    Dublin
    Posts
    17
    Seems like a day to jump on the other host, so let's just leave it here. As I said before, those who want the service know where to get it.

    Regards

    Tom

    www.theboxnetwork.net

  26. #26
    Originally posted by Vline
    Seems like a day to jump on the other host, so let's just leave it here. As I said before, those who want the service know where to get it.

    Regards

    Tom

    www.--------------.net
    If you come here offering a service, claiming people can "know they are secure" from having their servers compromised by a "hacker" (media word), then you should expect people will question this service for the price.

    I don't personally have any issue with the price, albeit I admit I am skeptical. People usually charge low rates like this, because they aren't skilled enough to get a real job doing it. That's not to say that's the case for you.

    That's also not to say that you providing them _some_ service isn't better than nothing, even if it's $25/mo. However, the problem is, with me anyway, that you offer this and make these claims, when your own server is running Ensim. This means your server can not be as secure as one without it. It's built to tie into the operation so much, that it does not allow you to secure it without breaking the program and functions of the web server.

    No one in their right (security minded) mind, would use Ensim. Your packages and programs are out of date and you can't upgrade them without it breaking Ensim. The fact you are running Ensim means you do not have the ability to have custom, secure solutions on your own servers and I would have to question how you can be qualified to provide others with a real solution -- especially in the way of claiming they can know they are safe just by hiring out your services.

    It's also been pointed out, that what you claim and how effective it is, is far from the facts, seeing it doesn't actually seem to provide much in the way of security after all. Yes, upgrading often or keeping up to date with security patches is better than nothing, but it's hardly everything. I am 100% convinced that someone that possesses the skills you confidently claim to have, would never run Ensim, because this alone limits their abilities to secure their own servers.

    If you don't know what I'm talking about, that says a lot. If you do, then why didn't you go for a white box from rackshack instead of a crappy Ensim install? If you had and had your services up to date and truly customized (which you need to do), you would not be hearing me complain or question this thread.

    I realize that your boxes are not your client boxes, but this does tend to reflect on your choices of what you personally run on your own business, when you make poor choices. It makes people question why you'd not go with a better solution, since you should know better.

    I'm not sure what to say, but price isn't the factor here, as much as the reflection of your choices, which provide some insight into your alleged skills. This makes me wonder, and for those reasons. Those and reasons others in this thread have mentioned. It's nothing personal, but who of us should stand by and say nothing for fear of looking like we are "attacking the competition" or something, because we feel it's a risk to these people. It is our duty to say something. Again, it's nothing personal.
    Robert McGregor
    URL: http://www.2host.com
    Email: robertm@(nospam)2host.com

  27. #27
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    11,687
    Usually, I don't get involved in threads like this one, because I AM the competition, but let's clear a few things up here.

    Any sort of security audit for $25 will NOT tell you you've never been hacked before. It's physically impossible to detect previous hack attempts without getting deep into system data (logs, users, queries, more logs, more queries, etc). All this for $25? Riiiiiiiiiiiiight.

    Monitoring for $25 a month? Possible, but doubtful. I know what I'm talking about here, because I DO monitor all activity on my clients' servers, and go through it with a fine toothed comb. What is involved in monitoring? Certainly more than looking at a minor portion of the logs every few days. Try looking at them at LEAST once every half hour. This adds up, and even if you have 3 people working on it, it's gonna take at least minutes (per half hour) per client. Before you say 'logs are automatically looked at', I'll say again 'I don't think so'. Unless your logs are parsed and sent to you every half hour for YOUR looking at, that's far from secure.

    I would agree wholeheartedly with 2host re: ensim. If your own servers aren't updated and secure, how can you assure your customers that THEIRS are? Ensim is outdated as can be, and relies on antiquated, outdated software. I believe redhat 7.2 was released what, in what, 2001?? It's been too long for me to recall. So, you're looking at a 2 year old Operating System, not to mention the kernel that they recommend and support being out of date.

    One of the most important features in security is keeping yourself honest and having your clients be able to rely and depend upon you. This is why I don't advertise my services as "security specialist", even though I DO perform security enhancements on clients' servers, and I DO go through their logs (manually, mind you, as any good sysadmin should) every half hour (well, the new entries that are mailed to me anyways).

    I DO think security should be made affordable to everyone, and that's one of the very things I do for my clients, but $25 is too good to be true. There's no physical way that you can ensure your clients' safety, not for that mere amount of money.

    I find it amusing that individuals actually try to sell services like this for $25 a month. Affordable is one thing (and my services again, border on that, I realize), but this has every smell of fraud.

    Just as a side note:
    Has anyone actually purchased this offer, what kind of reports were mailed back? I'd love to see the outputs of some of this.. Chances are it's just someone who's picked up Grsecurity (a freely available tool) and is running with it.
    WHMCS Guru - WHMCS addons, management, support and more.
    WHMCS Notifications Extended - Add slack, hipchat, SMS, pushover to WHMCS !!
    Always looking for Linux, WHMCS, Support Desk work. PM for details

  28. #28
    Join Date
    Feb 2002
    Location
    Australia
    Posts
    24,009
    I'll jump in here too. dynamicnet, Tom can offer the service and charge whatever he likes. You're comparing his offering to what else is out there. How do you know that what you're using as a comparison isn't wrong in the first place?? What is right and wrong? How can these 2 parameters be defined?? You define the first parameter based on your experiences and understanding. That is not "reality". The laws of supply and demand come into play here folks.

    If Tom wants to offer a cheap affordable and very basic security service for $25/mth, then that's ok. If your claim is that it is impossible for Tom to offer this service, then that's a valid claim/opinion.
    • AussieHost.com • Aussie Bob, host since 2001 •
    • Host Multiple Domains on Fast Australian Servers!! •

  29. #29
    Greetings:

    "Tom can offer the service and charge whatever he likes."

    Correct.

    "You're comparing his offering to what else is out there."

    Correct.

    "How do you know that what you're using as a comparison isn't wrong in the first place?"

    It is called, doing your home work :-)

    "What is right and wrong?"

    Well, trained, armed, highly skilled, highly certified, agents on a plane compared to a wanna-be person with a paint ball gun who has no experience with a real gun, no permit, loses most paint ball gun matches...

    You tell me.

    Security has always been important. Since September 11th it has increased in importance.

    So much so that there is a gigantic difference between offerings that are the equivalent of the untrained, paint ball gun wielder who has no permit to carry a real gun let alone ever used one and an armed, trained, highly skilled professional.

    Oh... only need the paint ball gun user? Then know what you are getting.

    Based on the responses to date, here are the known facts:

    1. No service level agreement (if there was one, it would have been noted, expressed, etc.).

    2. No errors and omissions insurance.

    3. No EDS, general liability, or other forms of insurance.

    4. No bonding.

    5. No managed firewall.

    6. No managed intrusion detection system (IDS).

    7. The site offering the security services had its domain name registered in May of this year.

    8. The monitoring consists of reading emails generated from PSAD.

    9. PSAD is known to generate a large quantity of email per server; and, can generate hundreds of messages per day (sometimes per hour).

    10. They read the emails from PSAD to determine if there is a security problem.

    11. PSAD is known to generate emails that have no meaning or relevance.

    12. Bastille for Linux (which includes PSAD) is free.

    13. Instructions for installation of Bastille are available in a variety of sources.

    14. Certified security personnel's salary (not including the dollar value of benefits) starts at $75,000 per year.

    15. They've already answered questions dealing with their experience -- never been hacked question -- that show they don't know what they are doing.

    16. Someone not knowing what they are doing reading several hundred (or more) PSAD emails per server per day is going to be able to add what benefits for the customer?

    Thank you.

  30. #30
    Join Date
    Feb 2002
    Location
    Australia
    Posts
    24,009
    Tom can offer his service for $25.00/mth. What is provided for that is questionable. You get what you pay for.

    BTW dynamicnet, how about replying to posts properly with quotes and not just " ". It's not the proper netiquette.
    • AussieHost.com • Aussie Bob, host since 2001 •
    • Host Multiple Domains on Fast Australian Servers!! •

  31. #31
    Join Date
    Oct 2002
    Location
    Dublin
    Posts
    17

    Ok this is turning into a waste of time. The post has pushed sales for this service btw as there have been 4 signups today (what sort of marketing would you call that). But really guys you are bad mouthing Ensim saying it can't be secure and a load of other rubbish..
    It's a cheap service, yes.
    It's worth the money to hosting companies new to the industry who don't know much about Unix or security, yes.

    Now let's drop it.

    IF YOU DON'T WANT IT DON'T GET IT!

    with a bit of luck this topic will be locked



    btw there was a lot of talk about certs I have just for the record
    I have my MCSA, CCNA and RHCE, I have worked for Iomega as a Linux consultant and am currently also working in I.T in consulting earning 32 000 a year for a 3 day week.

    Regards

    Tom

    www.theboxnetwork.net
    hosting from $3.95 200mb 1000mb bandwidth with ENSIM!
    hosting from $4.95 500mb 3000mb bandwidth with ENSIM!

  32. #32
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    11,687
    Originally posted by Aussie Bob
    What is provided for that is questionable. You get what you pay for.
    In some cases, that is true, but not in all.
    WHMCS Guru - WHMCS addons, management, support and more.
    WHMCS Notifications Extended - Add slack, hipchat, SMS, pushover to WHMCS !!
    Always looking for Linux, WHMCS, Support Desk work. PM for details

  33. #33
    I have to let you all know that I personally know one of theboxnetwork admins and they're very genuine guys with enough knowledge.
    You are definitely getting your $25 per month with this package.

    Personally we deal with our own security. But for some newcomers this would be the perfect package.

    As for the comments about ensim being un-secure, and "unable to update" critical components, that is a load of rubbish.

    We have the latest and most up to date version of everything, it just takes a bit of knowledge and sense to install them.

    "oh no rpm -Uvh might break ensim".

    Learn how to install packages correctly, and you can install them with ensim on the server.

    Good luck Vline, you're providing a service worth a lot more than $25.
    I have actually seen people asking in the region of $100-$300 to install Bastille & PSAD - and that doesn't include monitoring it.
    http://www.STX-Hosting.com
    .:: Professional Web-Hosting ::.
    .:: Top Dedicated Support !!! ::.
    .:: [email protected] ::.

  34. #34
    Originally posted by Vline
    Ok this is turning into a waste of time.
    If you can't respond to the points made, why waste people's time going on about irrelevant things?

    The post has pushed sales for this service btw as there have been 4 signups today ;)
    Why, oh why, do people always respond with how many people signed up because of their crappy ad? So? Want to know how many people would buy a bridge? Put a post up about it.

    (what sort of marketing would you call that)
    What can you do.

    But really guys you are bad mouthing Ensim saying it can't be secure and a load of other rubbish..
    You have absolutely no idea what you're doing.

    It's a cheap service, yes.
    Yes, if you'd qualify it as a service.

    Am I being too blunt? I was being nice in my comments and they were valid points, and you respond acting like everyone with a valid point is the person that lacks a clue. Hmm, ironic.

    It's worth the money to hosting companies new to the industry who don't know much about Unix or security, yes.
    If someone was so poor at the task of doing hosting to think this is of any value or need help on such a level, they have no business calling themselves a web host (my opinion).

    Now let's drop it.
    Sure. We don't dare converse on a web forum.

    IF YOU DON'T WANT IT DON'T GET IT!
    Yes, that is a valid point. Yet, another valid point is to make clear what is going on, so no one that is ignorant about this doesn't fall into this 'service' and regret it later. You claiming this so-called service will remove their worries and make them secure.

    with a bit of luck this topic will be locked
    Perhaps.

    btw there was a lot of talk about certs I have just for the record
    I didn't notice and I don't care.

    I have my MCSA, CCNA and RHCE,
    I know of a guy that has all these and doesn't know a thing. It just shows how non valuable these certifications are. I know of a guy that's "one of the leading security experts in the world", runs a high profile security consulting service and probably doesn't know what a shell prompt is. I know a 45 year old woman that doesn't know much beyond how to use her email and mouse, and she works at Intel as a support rep and security analyst, and has certifications too. What's your point?

    I have worked for Iomega as a Linux consultant and am currently also working in I.T in consulting earning 32 000 a year for a 3 day week.
    And that's why you're excited to earn a whopping $25, totaling $100/mo, from 4 people you allegedly got business from due to this thread, right? Besides, that's not great pay. Besides, what in the heck do you think "working in IT" means anyway? This could mean anything. "I change the TP roll in the office bathroom at Quest each week, I work in IT!".


    Regards

    Tom

    www.theboxnetwork.net
    hosting from $3.95 200mb 1000mb bandwidth with ENSIM!
    hosting from $4.95 500mb 3000mb bandwidth with ENSIM!
    Don't be so proud of using Ensim. Learn to use a real sig, IT boy. Learn to not put anchored URL tags in your sig. Learn how to respond to the points that are brought up. Yes, Ensim is insecure, it is bad, it limits you and it says a lot about your alleged knowledge. Perhaps I was a little blunt and not so polite, but oh well. Like you said, your choice. If people are interested, they'll contact you. Good luck.
    Robert McGregor
    URL: http://www.2host.com
    Email: robertm@(nospam)2host.com

  35. #35
    Originally posted by STX-Hosting

    ...

    As for the comments about ensim being un-secure, and "unable to update" critical components, that is a load of rubbish.
    Uh huh. Okay, I'll give you 20 hours with an account on my server, for 2 minutes with an account on your server. We can test each other's security. Sound fair?

    We have the latest and most up to date version of everything, it just takes a bit of knowledge and sense to install them.

    "oh no rpm -Uvh might break ensim".
    If you rely on RPM's to do everything for you, you might not be so well off.

    Learn how to install packages correctly, and you can install them with ensim on the server.
    If you say so. I'm sorry you would rather just support someone that makes poor choices and defend them so aggressively given the facts, and I'm sorry you believe that an Ensim system can be secure, without actually uninstalling Ensim itself. However, that's none of my business. Contact me if you'd like me to give examples of some of the reasons I made my comments in this thread, and we can offer each other access. Really.
    Robert McGregor
    URL: http://www.2host.com
    Email: robertm@(nospam)2host.com

  36. #36
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    11,687
    Originally posted by Vline
    But really guys you are bad mouthing Ensim saying it can't be secure and a load of other rubbish..
    Take a look at the software required by ensim.. Redhat 7.2... We've been here, the software is antiquated, the kernel is old, there's MORE bugs in Ensim than I can pull out my tail (not to mention the fact it's based on years old software).
    Originally posted by Vline
    It's a cheap service, yes.
    Too cheap for what you're offering, entirely too cheap. Take it from someone with experience in the field, you can NOT do a correct audit on a server for such a low price.. In addition, more than one of your lies has been pointed out (You'll know for SuRe if you've been hacked or not.. impossible).

    Originally posted by Vline
    It's worth the money to hosting companies new to the industry who don't know much about Unix or security, yes.
    No, it's not worth a new company getting ripped off, which is EXACTLY what your offer reeks of.
    Originally posted by Vline
    I have just for the record I have my MCSA, CCNA and RHCE, I have worked for Iomega as a Linux consultant and am currently also working in I.T in consulting earning 32 000 a year for a 3 day week.
    PROVE IT
    << edited to remove someone else's sig.. oops>>
    WHMCS Guru - WHMCS addons, management, support and more.
    WHMCS Notifications Extended - Add slack, hipchat, SMS, pushover to WHMCS !!
    Always looking for Linux, WHMCS, Support Desk work. PM for details

  37. #37
    Join Date
    Oct 2002
    Location
    Dublin
    Posts
    17
    Uh huh. Okay, I'll give you 20 hours with an account on my server, for 2 minutes with an account on your server. We can test each other's security. Sound fair?



    Is that offer open to us all? Sure, locally is no fun, how about remotely?

  38. #38
    Uh huh. Okay, I'll give you 20 hours with an account on my server, for 2 minutes with an account on your server. We can test each other's security. Sound fair?
    Sorry, we don't open our servers up to just anyone.


    If you rely on RPM's to do everything for you, you might not be so well off.
    That was my point, hence the "" and the sarcasm.


    If you say so. I'm sorry you would rather just support someone that makes poor choices and defend them so aggressively given the facts
    I wasn't defending him, I was stating that they provide a good deal for $25 for newcomers.

    and I'm sorry you believe that an Ensim system can be secure, without actually uninstalling Ensim itself.
    Ensim is simply an addon, providing you have the correct implementation of the latest packages you can be about as secure as any other Linux box with a web based control panel.

    I do agree Ensim is anything but secure when it is first installed though.
    http://www.STX-Hosting.com
    .:: Professional Web-Hosting ::.
    .:: Top Dedicated Support !!! ::.
    .:: [email protected] ::.

  39. #39
    Originally posted by Vline
    Originally posted by 2host.com


    Uh huh. Okay, I'll give you 20 hours with an account on my server, for 2 minutes with an account on your server. We can test each other's security. Sound fair?



    Will you give me that offer?
    Yes, definitely. Email me. I'll give you a FAX number and you give me one in return. I'm not joking about this and I don't want to be sued or be accused of something, so we'll put it in writing with permission for the set duration. Surely if you are into security you realize this protocol. I await your contact information.
    Robert McGregor
    URL: http://www.2host.com
    Email: robertm@(nospam)2host.com

  40. #40
    I wouldn't mind seeing the outcome of this little trade... results could be bad for both sides of this deal.
    http://www.STX-Hosting.com
    .:: Professional Web-Hosting ::.
    .:: Top Dedicated Support !!! ::.
    .:: [email protected] ::.