Sunday, 19 December 2010

OpenSim, IT and Firewalls - The BANE of my existance

Sorry all, I've been away, well I mean dug in deep in a development cycle.

I want to talk, again about a problem, a problem that does not exist, however it is a problem and its stopping the spread of Virtual Worlds.

This problem is corporate IT.

I've worked in IT for 12 years, I've been IT Manager of a SME and have worked in IT departments with 100+ staff. IT has and always will be looked upon as the servant of the company, the poor ginger step child that no one wants. Yet! Without IT your company would be dead and you would all be poorer.

To the IT Manager, you will always be the ginger step child, that will never change. I had to accept it (I was the only head of department not invited to the CEO's meetings) I bet there are meetings you think you should be at, but are not, it won't change.. you have to accept it.

So there you have it. IT you are a service, IT you have to accept that.

But alas, it doesn't always work like that.

CEO > "IT Manager, I've seen this wonderful virtual world system, it could make us millions! But I can't access it, I've spoken to those wonderful people at Second Places and they inform me that our firewall is restricting access, would you be so kind to open the firewall."

IT Manager > "I'm sorry boss, but opening the firewall port in question would leave us open to attack. And that attack could cause the company major financial problems!"

CEO > "Oh my, Second Places never mentioned that! The swines that they are, let me speak to them!".

10 minutes pass

CEO > "IT Manager, I've spoken to Second Places. The system only needs opening to one IP address, and if we are using decent firewalls we can even set it up so the port is opened from the inside and only when in use! Is that not wonderful, so when can I have it opened?"

IT Manager > "oh sorry boss, but that is a lot of work, it will take us months and I don't have the man power to do it!"

CEO > "Months? Oh my, those swines in Second Places said it was easy! Let me speak to them."

10 minutes pass

CEO > "IT Manager, they insist it is easy, in fact they will send one of their own people down and if you supply them the firewall password "

IT Manager "Boss, let me stop you there. Give a third party our firewall password, never! that will allow them access to everything!".

All the while when this is happening, idiot Joe in accounts is accidentally deleting all the accounts files for the past 10 years, while hacker Mick from America is hitting the firewall's port 25 (which is always opened for email) with a DoS attack and some ex-prince from Nigeria is sending an email to the head of HR asking for his bank account numbers, which he freely gives!

The worse example was after 3 months of debate with the IT Manager, we go in to open the port only to find the FTP port open with a server allowing anonymous user access to upload and download.

So I always say to the IT Manager, "hey mate, I know it sucks, and no one loves you, but just open the firewall ports, please! Our clients range from BP to Dominos Pizza UK, each will likely have much, much more to hide, are much, much more likely to be targeted by hackers and have opened their firewall ports without a thought."

You are special, your company is special but firewalls ports are not there to stop hackers, and (like Accees and Amazon this week) its the firewall themselves that is the target, opening certain ports in the high 9000's is NOT going to help a hacker, they are not going to search for a open firewall port up there when they know port 25 is open, port 80 is open and port 443 is open.

So there you have it, until there is a virtual world MMO that does not need a firewall port open, then come on Boys and Girls of IT, stop scaring the boss and open those ports PLEASE! x

No comments:

Post a Comment