The flight is about half over going from the San Francisco Airport to Salt
Lake City. I’ll meet Heather, Daryl, and Christopher just outside the
terminal. We’ll get a bit to eat somewhere, and then Christopher and I will
continue on to Denver and then to Colorado Springs. I understand that
Christopher is pretty excited to be making this trip. Hopefully we can make
it interesting enough for him!!
This airplane is about half full, but it doesn’t have Plus Seating. Many
United airplanes have extended legroom (called “pitch”) on the first 8-10
rows of coach class. The seating there is generally reserved first for
frequent fliers and then for anyone who is flying. This one doesn’t have the
extra room, so the seat is quite uncomfortable when using the computer. The
trip east from San Jose to Denver is usually about 2 hours and 10 minutes.
This flight is 1 hour and 40 minutes from San Francisco to Salt Lake. It
definitely must be an older airplane and they’re flying it pretty slow. I’ll
get into the gate about 3:30 p.m. MDT and am meeting Heather and the gang at
3:45 outside.
The week in California was pretty busy. Monday was our quarterly meeting
with Bryon Look, our CFO. The presentations went well and I think he’s
beginning to understand more about our business and what we do for the
company. Still not much relief in sight for our manpower shortages. Tuesday
I went to Symantec for a briefing about their security processes.
My notes from that meeting:
As you know I was invited to attend a small briefing at Symantec this
morning. It was done by their CIO and discussed how Symantec uses their own
products (they called it “eating their own cookies”) in their security
space. They only use released, generally available Symantec products. The
presentation turned out to be much better than I had hoped. While the
meeting was set up by their sales folks, it definitely wasn’t a sales pitch.
So, here’s the highlights from the presentation:
Symantec did about $1.1 billion last year, 4,000 employees, 500 contractors.
The IT department has just under 300 people and a budget of $70 million.
That compares to $1.8 billion, 5,300 employees, 255 IT people, and a budget
of $72 million. Reasonably about the same size as LSI Logic. No
manufacturing, very different engineering, and a whole bunch more offices.
They’re running Oracle ERP (just upgraded to 11.5.6, which was “enormously
difficult”), Siebel, PeopleSoft for HR, Lotus Notes for e-mail and
collaboration. No SMTP inside the company (made a big point of that, but I
don’t really understand why). They have 209 Unix servers, mostly Solaris,
and run NT or W2K everywhere else.
The Security Director reports to the CIO. He has a staff of 4 people, all
dispersed in different parts of the world (with the director, a total of 5
people). Their job scopes are:
- 1 person handles all PKI (located in Cupertino)
- 1 person handles all perimeter security and Unix security (located in England)
- 1 person handles all internal security and Windows security (located in the eastern US)
- 1 person handles business apps security, database security, and security awareness (located in Germany)
The director oversees all of this and is responsible for writing policies and
enforcement.
One person in internal audit rotates through a whole bunch of audits on IT
each year.
They use their own firewall products and have “far too many” firewalls in
place. Every location has an internet connection and a firewall of some
type. All have VPN concentrators as well.
Offices are categorized as:
- Tier 1: Large offices, 250 people or so and larger (about 20 of these offices)
- Tier 2: Regional offices, more than 10-20 full time people (about 30 of these offices)
- Tier 3: Sales and support offices, fewer than 10 people (about 40 of these offices)
Tier 1 and Tier 2 offices are connected on the WAN. Tier 3 offices are
connected through VPN (their own products).
They use their NetRecon package to scan their networks inside and out on a
continual basis. The scans are run by operations (actually seem to be
started and run on a regular schedule by the data center command and control
people). Every subnet gets scanned every six weeks. The perimeter is scanned
once a month. The results of the scans are loaded into a database and
reports prepared from there so they can see what has happened over time.
They have a lot of wireless 802.11b deployed. They were using 3Com’s
products but are switching to Cisco since 3Com doesn’t do MAC Address
validation anymore. They have WEP turned on, but feel it could easily be
turned off. Anything connected to a wireless access point has to use VPN to
get into the network. They’ve had some issues with this and have stumbled
across a couple of “illegal” wireless setups. They don’t look for rogue
wireless setups, but want to start doing something.
All laptops are required to have Symantec’s personal firewall on them.
They’ve had a number of issues with personal firewall and a lot of feedback
has been incorporated into the next version of the personal firewall (which
will be part of their next major release. We’ll deploy this as part of the
next release at LSI Logic. It’s kind of being tested now). I think the new
product is probably pretty good and we should require the same on all laptop
computers.
They have their own anti-virus deployed everywhere…. No surprise there!
Before any server can be put on the network, the builder must schedule a
scan, correct any issues, go through a rescan. Then it can be allowed to
stay on the network. Part of their internal scanning is to find systems that
haven’t been scanned, or that are vulnerable in some way. Operations does
this scanning and gives the reports to the builder and security. They had
almost no Code Red or Nimda issues because the vulnerability had already
been patched.
They use their intrusion detection capability only on the three subnets that
have their critical systems (Oracle, Siebel, PeopleSoft) on them. The
current IDS from Symantec apparently isn’t robust enough to handle a bigger
load (a New and Improved product is coming Real Soon Now).
They use secure-id type tokens (they weren’t from SecureID but I don’t
remember which vendor) for all remote access, including VPN.
They have a Security Emergency Action Plan which describes what kinds of
things constitute Security Emergencies, a classification system on severity
of a Security Emergency, who can declare such an emergency, and what general
kinds of things will be done during an emergency. There were three levels of
emergencies. During the highest two levels, specific additional monitoring
of key DMZ, mission critical, and internet facing systems is implemented.
People are reassigned from their regular jobs to doing this monitoring. They
had two of these emergencies in the past year, mostly because they are
specifically a target just due to the business they are in.
They have four internal networks. One is the normal business network. A
second one is set up for incoming customer viruses (when customers find
suspected viruses, this is the place they can be sent to at Symantec). A
third network is a dirty network — specifically for testing viruses and
their payloads. The fourth network is for testing virus signatures and virus
responses. Lots of internal rules about these networks.
There are also about 30 internal firewalls set up to keep things from
escaping into their business network at large. Since they develop products
such as intrusion detection, firewalls, and a bunch more besides their virus
scanning systems, they have a number of development labs. Every lab is
behind a VPN/Firewall model 200 (I have one of these at home and Really Like
It — I’ve ordered a couple of them which are on back order for y’all to
play with). That allows them to keep these guys separated but also allow
them the ability to do business on the business network.
All perimeter firewalls are managed by the guy responsible for perimeter
security. All internal firewalls are managed by the guy responsible for
internal security. No one outside of the security folks has access to these
firewalls.
They generally run 5 honeypots of various flavors out on the internet-facing
network. It takes about 30 minutes for them to get compromised. Operations
rebuilds one each day after it has been examined to see if anything new
happened. They also run a couple of honeypots internally as another look to
see if anything is amok in their business network. Occasionally one gets
compromised, which constitutes a low-level security emergency.
They scan all outgoing e-mail for viruses. It wouldn’t do to send a virus
from Symantec to someone….
They do some e-mail monitoring looking for gambling, hate mail, and porn.
They use their own products for that monitoring. Issues are handled by HR.
They aren’t yet filtering for spam but a recent 24-hour sample showed about
25% of the incoming e-mail was probably spam. They are looking at how to use
their own products to filter for spam (and weren’t sure they could do it
with the current product suite).
They have every possible variation of their name registered in every
possible domain and are currently managing more than 700 inactive domain
names and about 150 active names.
That’s about all I can remember.
————— end of notes —————-
That afternoon I went to Santa Cruz for some meetings with Caldera. I’ve
been talking with them about doing some things for us at LSI Logic. Primary
reason for interest is that my sister Eileen works there as their HR
Director and that gives me a bit of an entry into the company. However,
they’re always coming up just a bit short when compared to what we can get
from RedHat. More on that later. Anyhow, I had a good visit with the folks
down there and have a good understanding about how they provide support. The
price is $65,000 per year, and that’s too pricey for the amount of support
we actually need.
Wednesday was a bit closer to the office with several other meetings. We’ve
implemented a new search engine in LSI Logic for our intranet and had a
status meeting about that product and what the next phases for it should be.
(Looks like we’re getting close to the Salt Lake area. We’ve started the
descent and are moving around to dodge some thunderstorms.) That was
followed up by some meetings on Microsoft’s System Management Software and
how we’re going to handle Spam filtering going forward.
After work on Wednesday I went over to Fry’s and looked through the entire
store. Had a lot of fun and enjoyed looking around. I’d like a new home
computer and may just put one together for me to use. I can get a lot more
computer for the money by assembling components. I could make it a dual-boot
system as well and begin the migration process to Linux entirely at home. I
did buy a clock for Nina similar to the one I have. It syncs up daily with
the National Time Clock meaning that it stays very accurate. Has a couple of
alarms and doesn’t ring very loudly. I also bought a Sony MiniDisk player
that has been built for handling MP3’s and other stuff. I really like how it
works and the small format of the disks. I can get a couple of hours of
music on one minidisk and can carry with me all the music I want on a flight
in a package a fourth the size of the CD player and CD’s that I’ve been
carrying. Further, I can make up my own sequence and mix of music. That’ll
be good as there’s a lot of CD’s that I have where I’m only interested in
one or two cuts. Right now I’m listening to Richard Wagner’s music from the
Ring Cycle. I’ve made up one minidisk with both the Ring and Tannhauser.
Thursday was meetings in the morning and then a meeting with Dell / Intel /
RedHat in the afternoon. In the morning we spent a couple of hours going
through all of the IT survey responses. The responses were very interesting
and hopefully we can do some things to address some of the concerns people
expressed.
The meeting with Dell / Intel / RedHat in the afternoon was very
interesting. RedHat certainly has their act much better together than
Caldera has. They are putting together products that work for business and
their partnering with Dell is very well done. Dell has a lovely ordering
process (they are completely geared towards on-line ordering systems) and
we’ll be using a lot of Dell servers with RedHat Advanced Server on them for
our Engineering Design Application tools. They’ve built something that is
very easy for us to use. Unfortunately, Caldera has missed most of these
boats. I’d like for Eileen to continue to be gainfully employed for a very
long time, but I’m worried about how RedHat seems to eat Caldera’s lunch at
every turn. Caldera’s purchase of SCO Unix seems to be more and more dumb as
time goes on. The company is almost schizophrenic!
I spent the time on Thursday evening learning how to use the new Sony
minidisk system and making up three music disks to take with me on the
airplane today. I also watched The Fellowship of the Ring from the Lord of
the Rings trilogy. It was one of the in-room movies available. The
three-hour movie continues to be very enjoyable. I’m looking forward to
receiving my own copy of it in the mail when it’s released in a couple of
weeks.
Today I went into the office for a few minutes and then left for the SFO
Airport about 9:30. Traffic was absolutely no issue and by 10:45 I was
through security and in the Red Carpet Lounge downloading e-mail and such. I
like security when it happens like that. We’ll see what it’ll be like in
Salt Lake!
We’ve got about 10 returning missionaries on this flight, most of them
wearing badges from Japan. I’m sure there’ll be a number of families meeting
this flight and being right happy to have their son or daughter home once
again.
That’s all from here….
This entry was copied from an older journaling system on 29 November 2002.