[Dshield] Re: Security Consulting question

Craig Shaw CraigS at caamb.mb.ca
Thu Aug 14 12:16:43 GMT 2003

Pith 'em new machines. They take it, great. They don't, just walk away. It
seems counter-intuitive maybe, but there are some situations where the job
is more headache than it is worth.

Craig Shaw
Systems Administrator
CAA Manitoba
(204) 262-6035
craigs at caamanitoba.com

-----Original Message-----
From: Kenneth Coney [mailto:superc at visuallink.com] 
Sent: 13-Aug-03 22:00
To: list at dshield.org
Subject: [Dshield] Re: Security Consulting question

I have been playing with this one for at least 4 years.  I have not been 
able to find a way to do this profitably for small ma and pa businesses. 
Consider a backwater realty office I know with a small LAN and maybe 6 
stations and remote access for the out of the office types.  After four 
years of neglect and half installations of different sound cards and 
printer types something goes wrong enough to bring it all to a stop and 
they call you in at $40 - $60 per hour.  The owner is thinking in terms of 
one or two hours tops.  You arrive and find everything from Kaaza to Doom, 
and half a dozen viruses in the different client files.  Lots of past and 
present temporary employees with access with varied skill levels.  Homework 
assignments of the owner's kid on one drive.  A contract that has to be 
printed now, but won't, no firewall, and C drive is accessible via the fax, 
etc.  Every port you can imagine wide open and bots and worms everywhere. 
What's a backup and how do we do that?  Windows update, never heard of it, 
how do I do that?  The system software is long lost along with 
authentication codes.  A mother board with a picture of Felix the cat and a 
Taiwan stamp.  A soundblaster card and thin screen monitor here, and an 
Amber VGA with an actual XT with real 5" floppy drives over there.  Wires 
that go upstairs then stop.  They think you will wave a magic wand and it 
will be ready in an hour, two at most.  If you did a flat rate contract 
with them a few months ago you are in big trouble.  Who pays for the new 
software to replace or update the old (let's not forget their leaving the 
CD on the dashboard of a car in the summertime so it warped)?  Is that cost 
in the contract?   You going to install a firewall?  Which one, and who 
pays for it?  A custom customer data base, but they think Elvis took the 
custom installation disk when he quit and moved to Tennessee.  Hey they 
have Norton AV 2!  Didn't I see that on the Antiques Road Show?  Is that 
3.1?  DOS 6?  The 6 month renewable contract should have some kind of ball 
park price for new updated replacement software in it, based on an 
assessment of what they have at the time you wrote the contract.  That 
means you have to talk them into letting a stranger, you, explore their 
system before you even have the maintenance contract.  Don't mention the 
porn files to the owner's wife.  Bet you never saw a LAN with a 386 
workstation before.  I know, Fdisk, format and new everything, let them 
pay.  I sure hope they gave you a liability release for the customer files 
you erased.  Fifty hours later you are done and give them the bill.  Guess 
what?  They can't afford it.  Take it back?

It's a problem.  I would love to find a Q & A site by someone who found a 
way to make it work with the small 3 to 9 station customer base.  The mom 
and pop businesses can't afford a techie at much more than $8 an hour.  You 
can't afford to work for less than $32 an hour.  Half their software has 
lost installation disks, there are few backups of anything, they never 
heard of patches, and the other half of their software is hacked unlicensed 
copies.  Don't go there.  Most have long expired anti virus software that 
wasn't replaced because they couldn't afford the $30 bucks.  Now you want 
them to pay you $80 an hour?

"Richard Roy" <RoyR at justicetrax.com>
Wed, 13 Aug 2003 12:47:24 -0700
"General DShield Discussion List" <list at dshield.org>

Thanks for all the replies and advice.  I'm not looking to do it full
time or anything, but a few extra bucks will help when the baby arrives!

-----Original Message-----
From: Richard Roy
Sent: Wednesday, August 13, 2003 9:30 AM
To: list at dshield.org
Subject: [Dshield] Security consulting question

I just helped out another nearby small office identify that they have
the latest worm and it is spreading.  They wanted to know how much I'd
charge to fix it.  While there another fella from another office also
said he'd need some help.  I've never done any consulting work, so I'm
curious, what would some of you consultants on the list get for this
type of work?  If you don't feel comfortable giving #'s what about a
site that might have that sort of info.  I'm wondering if it might turn
into something nice on the side for a while.


Richard Roy

list mailing list
list at dshield.org

list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:

More information about the list mailing list