The Best Defense Is a Firing Offense

What's a CSO to do when his tech expert says No to a request?

I also call Vendor Professional. He has a product available for servers, so we could use the existing firewall and park that software on the host server without disturbing the firewall we have in use. Pretty slick. All we need to do is open the 2,000 ports and then fix them to the IP address for the RPC box, which would not allow the ports to be used with any other server. Problem solved.

Vendor Professional agrees to come by for a demo. EveryoneBig Boss, Technology Guy, Project Boyare gathered in the conference room. Vendor Professional shows us how his RPC-savvy firewall product would work and offers to install it right away.

Predictably, Technology Guy asks a lot of tech questions, but Vendor Professional is prepared and answers them all. Also predictably, Technology Guy leaves the conference room in a huff. Oh well.

Vendor Professional installs the product on the server and, sure enough, it protects the server properly, it deals with RPC strangeness, and it works with the existing firewall. Nice job, says Big Boss. Let's make this happen. Happy to do so, I think to myself.

Except for one thing: I need to get Technology Guy to open up the ports on the connection point firewall to talk to the Internet. When I appear in his doorway, he looks up smugly and says, "Told you it wouldn't work."

"Wrong," I say, even more smugly. "It's up and working, and everyone is happy but you. So you need to open up the 2,000 ports and Port 135 and set them to go to the server's IP address only." Smugness aside, I think I should be commended for my good mood given all the grief I had put up with from Technology Guy about the subject.

And that's when it happens. A dark cloud appears over Vesuvius, and...it...blows. "People who don't know anything about security should not be messing in security stuff," Technology Guy rants. I know he means me, even though I am not completely without a clue when it comes to security technology. "This has completely violated corporate policy," he says. "No one understands the dangers this will unleash." It was almost tragic.

Still, he sticks to his guns and refuses to open the ports in the firewall. I ask him politelyone more timeand still he refuses. As a manager, I know that, in a deadlocked situation, a leader has to make a decision. Yes or no. A nondecision becomes a decision, and the factors will spin off in an uncontrollable way. In this case, I decide yes, we will make the changes and no, I don't need Technology Guy to do it. I track down his backup and ask him to give me the password to the firewall. I may not be an expert, but I know how to open a damn firewall.