[Dshield] Re: Security Consulting question

Richard Roy RoyR at justicetrax.com
Thu Aug 14 14:46:39 GMT 2003

That was a stellar reply, probably an all too true real life experience.
I appreciate the insight.   I don't want to make a living at it, I do
that already and I'm happily employed.  I was thinking about a few extra
bucks, but boy that makes me wonder if they are worth it.


-----Original Message-----
From: Kenneth Coney [mailto:superc at visuallink.com] 
Sent: Wednesday, August 13, 2003 8:00 PM
To: list at dshield.org
Subject: [Dshield] Re: Security Consulting question

I have been playing with this one for at least 4 years.  I have not been
able to find a way to do this profitably for small ma and pa businesses.

Consider a backwater realty office I know with a small LAN and maybe 6 
stations and remote access for the out of the office types.  After four 
years of neglect and half installations of different sound cards and 
printer types something goes wrong enough to bring it all to a stop and 
they call you in at $40 - $60 per hour.  The owner is thinking in terms
one or two hours tops.  You arrive and find everything from Kazaa to
and half a dozen viruses in the different client files.  Lots of past
present temporary employees with access with varied skill levels.
assignments of the owner's kid on one drive.  A contract that has to be 
printed now, but won't, no firewall, and C drive is accessible via the
etc.  Every port you can imagine wide open and bots and worms
What's a backup and how do we do that?  Windows update, never heard of
how do I do that?  The system software is long lost along with 
authentication codes.  A motherboard with a picture of Felix the cat and a
Taiwan stamp.  A soundblaster card and thin screen monitor here, and an 
Amber VGA with an actual XT with real 5" floppy drives over there.
that go upstairs then stop.  They think you will wave a magic wand and
will be ready in an hour, two at most.  If you did a flat rate contract 
with them a few months ago you are in big trouble.  Who pays for the new
software to replace or update the old (let's not forget their leaving
CD on the dashboard of a car in the summertime so it warped)?  Is that
in the contract?   You going to install a firewall?  Which one, and who 
pays for it?  A custom customer data base, but they think Elvis took the
custom installation disk when he quit and moved to Tennessee.  Hey they
have Norton AV 2!  Didn't I see that on the Antiques Road Show?  Is that
3.1?  DOS 6?  The 6 month renewable contract should have some kind of
park price for new updated replacement software in it, based on an 
assessment of what they have at the time you wrote the contract.  That 
means you have to talk them into letting a stranger, you, explore their 
system before you even have the maintenance contract.  Don't mention the
porn files to the owner's wife.  Bet you never saw a LAN with a 386
workstation before.  I know, Fdisk, format and new everything, let them 
pay.  I sure hope they gave you a liability release for the customer
you erased.  Fifty hours later you are done and give them the bill.
what?  They can't afford it.  Take it back?

It's a problem.  I would love to find a Q & A site by someone who found
way to make it work with the small 3 to 9 station customer base.  The
and pop businesses can't afford a techie at much more than $8 an hour.
can't afford to work for less than $32 an hour.  Half their software has
lost installation disks, there are few backups of anything, they never
heard of patches, and the other half of their software is hacked
copies.  Don't go there.  Most have long expired anti virus software
wasn't replaced because they couldn't afford the $30 bucks.  Now you
them to pay you $80 an hour?

"Richard Roy" <RoyR at justicetrax.com>
Wed, 13 Aug 2003 12:47:24 -0700
"General DShield Discussion List" <list at dshield.org>

Thanks for all the replies and advice.  I'm not looking to do it full
time or anything, but a few extra bucks will help when the baby arrives!

-----Original Message-----
From: Richard Roy
Sent: Wednesday, August 13, 2003 9:30 AM
To: list at dshield.org
Subject: [Dshield] Security consulting question

I just helped out another nearby small office identify that they have
the latest worm and it is spreading.  They wanted to know how much I'd
charge to fix it.  While there another fella from another office also
said he'd need some help.  I've never done any consulting work, so I'm
curious, what would some of you consultants on the list get for this
type of work?  If you don't feel comfortable giving #'s what about a
site that might have that sort of info.  I'm wondering if it might turn
into something nice on the side for a while.


Richard Roy

list mailing list
list at dshield.org
