My IT Security Experiences (1)
Watching my daughters go off to school brought back memories. They kept rolling backwards and suddenly stopped at about 18 years ago, when I was still a fresh potato in the working world. I don't know why they stopped there rather than going all the way back to my school days; maybe it's because I have been reading so many of @victorier's IT security posts, since that was exactly my job back then!
That was a time when the general public knew next to nothing and didn't care about IT security. When I told people what I did for a living, I was asked a couple of times, with a puzzled look: "Security? For banks or for buildings?" Never mind ordinary people; even IT system administrators were not really aware of why IT security mattered or what it involved.
I was an IT Security Engineer, and my job covered basically everything about IT security: installation, maintenance and pre-sales support of IT security equipment, consultancy services for customers, and so on. We engineers had our own dedicated laboratory where we ran a whole series of product tests. You may wonder why it was necessary for us to test those products as a third party. Weren't they already tested by the manufacturers before leaving the factory?
In fact, it was because IT security products often involve deep, low-level integration with computer systems and with access control. Installing, configuring or upgrading those products could lead to unpredictable consequences in an existing system. For example:
- After a firewall was installed in a customer's internal network, the whole internal network went down because of a firewall configuration problem.
- A customer's Windows server was updated with the latest Microsoft security update (hotfix), and the server could no longer boot up.
- After anti-virus software was installed, some of the customer's internally developed applications could not run.
Those were just the more common problems; there were hundreds of other weird issues that I cannot list exhaustively here. Imagine something like this happening to a big corporation and not being fixable in a short time: how serious would the damage be? How many people would lose their jobs? At a time when manufacturers rarely carried out comprehensive compatibility tests, those problems happened almost every day!
That's why product testing was such an important task. The workload was tremendous, and working overnight for several nights in a row seemed to be the norm. After the testing was complete, we had to meet with customers to arrange how to deploy or update those products, which again was very exhausting. Deployment of IT security products always takes place outside office hours, preferably during a long holiday. Since we only have a few long holidays in Hong Kong, most of the jobs had to be done over weekends, working through the night. So many of my weekends were spent at work, and we had no social life at all; we used to say that ours was a trade that cuts you off from family and friends, and we called ourselves orphans. The only good thing was that our salaries were higher than those of other IT professionals, which was a bit of compensation.
Let's stop here for today. Next time I will share my experience of providing IT security consultancy to customers. Stay tuned!
Interesting post. I think I now have the right people to discuss with.
You're in the same field?
Yes, I like IT-related things, especially software and networks.
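Great post. Thanks for sharing.
This is very important work. Nobody can do without you!
This really is an important matter. Society pays more attention to it now, which is a good thing.
Nice one. Will wait for your next post...
Thanks for your hard work! IT security really is important!
That was already eighteen years ago.
Just like doctors, living entirely for work.... Thank you for all your hard work!!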