As a favor, I am currently providing some guidance to a friend who is
transitioning his small business's ERP system from an ancient dumb
terminal to a modern, Windows-based system.  Internet connectivity
will come as part of this new system.

My friend is old-school and believes that "we should have a moat
around the place."  The current system does connect to the outsidfe
world through a modem, but the modem is physically disconnected from
the phone line when not in use -- just in case someone tries to hack
into the system, ala Matthew Broderick in War Games.

There's two concerns here.  First, I believe it will be helpful to
allow the new ERP system to connect to the Internet -- if only at
times when remote maintenance must be done.  There may be some other
advantages, too, such as linking to Mapquest to look up customers'
locations.  And I believe it will make the outside vendor's life much
easier when they do need to inspect the system remotely.  The
company's software/network vendor will be responsible for ensuring
that the system is not compromised by outside hackers, but my friend
does not believe that this is possible.  He does not even want a ounce
of a chance that something could go wrong.  My feeling is that the
0.0001% chance that something will go wrong is a worthwhile sacrifice.

Second, and less troubling, is that employees will abuse Internet
connectivity.  My understanding is that their use can be restricted
(or totally denied) by granting and denying certain rights on the
network.  My friend is concerned that his employees will waste their
entire working day surfing the web and possibly do bad things online.

Here's what I'm looking for.  I've had the darndest time making the
case that Internet connectivity would be valuable.  And it really
frustrates me.  I have a lot of experience with the Internet, and I
*know* that connectivity would be good, but I just don't know how to
explain myself well.  A five-star answer will give me a good argument
to convince my friend that Internet connectivity will help his new ERP
system and business in general.

Thanks for any good arguments you can lob my way.

---

Clarification of Question by scottso-ga on 07 Jan 2004 12:24 PST

Thanks for your comment, Sean.  I'm not looking for specific hardware
suggestions, since my friend really knows nothing about technical
specifics.  I'm looking for a higher-level argument.  Pretend you're
explaining it to your smart, but non-technical grandmother!

---

Clarification of Question by scottso-ga on 11 Jan 2004 14:50 PST

Any takers on this question?  I'm going to close it soon, I think.  It
seems that my friend is going to have dual computers on many desks --
one for Internet and general use, and one for the ERP system.  This
seems like a waste to me.  Thoughts???

ever considered investigating a firewall.  a properly configured
firewall can protect your network, allow for updates and restrict
internet access for employees.  my suggestion would be to set up a
linux box between your network and the internet, its free, easy to
configure and tons of documentation exists.

in any case, i don't believe that a network without the most up2date
(any redhat fans?) patches and a firewall is secure.

>just in case someone tries to hack
>into the system, ala Matthew Broderick 
>in War Games<

Scottso --

The question made me laugh -- not because it isn't a serious and
continual business problem -- but because Matthew Broderick used an
acoustic modem to hack into DoD computers in the movie.

I've seen the problem commonly.  In fact, during the 1980s there was a
serious objection to additional security measures because of the fear
that firewalls/encryption schemes would cause more problems than they
solved.

My tactic with your friend would be to suggest hiring a security
expert to examine the plans.  However, if he's worried about whether
or not employees are going to be wasting their time online -- he's got
bigger problems than Internet security.  After all, they could be
wasting their time gossiping, listening to the radio, or watching
baseball games in the warehouse if he's not measuring their
productivity.

BTW, get the security expert to test the robustness of any
implementation too.  But make sure he has to do it with an acoustic
modem ;=)

Best regards,

Omnivorous-GA

Hello Scottso,

Its somewhat odd to say (as a researcher using the Internet to make
this comment), but the "old school" methods work pretty well. In my
case, even when I have a local LAN with multiple machines, a firewall,
etc. but I still only enable my connection when I need it and turn it
off when I'm done.

I can see your friend's point of view quite well and unless there is a
compelling BUSINESS need for an always on connection, I would
recommend he continue to work the way he does (except for
disconnecting the modem - telling it to not answer the phone IS good
enough).
  --Maniac

scottso-ga:

Here's an observation. The core of your question is really asking for
benefits of an Internet connection for your friend's business that
will allow him to see real compelling value in putting one in.

Value is a deeply personal thing. So, it almost doesn't matter how
much benefit you can identify to your friend if he were to put in an
Internet connection. In his mind, it seems he values the absolute
peace of mind from NOT having an Internet connection above any sort of
benefits you may be able to show him.

Sure, you could go through all of the obvious candidates: real-time
interaction with his customers and business partners; least-cost
access to information and data providers (mapping data is available in
off-line format as well, it's just a lot more expensive than using a
hosted, online version); remote access to the resources of the LAN for
anyone working remotely with the proper authorization and security
controls (it CAN be a good thing... most people just dwell on it being
a bad thing, but a good VPN gateway is about as secure as your
friend's bank account)... the list can go on. The point isn't that the
list CAN go on... the point is that until your friend is willing to
accept ANY possibility of something going wrong after getting the
Internet connection, and is willing to accept that it is NOT solely
because of the Internet connection, but rather is because of a
security lapse in his business practices, then there's just no easy
way to convince him otherwise.

Instead, I'd focus your efforts on getting him to realize that he
needs to worry about security even without an Internet connection. All
it takes is for one floppy disk containing one worm or virus to be
inserted into one machine on his LAN, and he'll be in trouble. Without
the benefit of an Internet connection to allow any anti-virus software
installed on those computers to regularly and automatically update
themselves, his network will be, in a word, hooped before he even
knows whats happening.

After he sees good security practices as a business advantage, THEN
he'll be ready to apply that thinking to putting in a secure Internet
connection so that his business can enjoy some of these other
advantages.

Just my two cents,

aht-ga
Google Answers Researcher

scottso,

Your friend values security above all else, and, he is stubborn
--unwilling to change his habits and old-school views.  The way I see
it, you and he have become polorized.  The quickest way from point A
to point B is to quit trying to convince him of anything.  He is
resisting your every suggestion and reasoning won't work with him. 
Become neutral.  Listen carefully to what he'd like to do with the
computer.  Maybe he has no interest in taking the company in that
direction, odd as it may sound.  I agree, he'd be missing a lot, but
he _must_ know that.  Wherever possible, ad calculated insertions into
conversations about ways the internet could be helpful --WITHOUT
suggesting he _needs_ to do these things...

The back door approach.  Shrug off your comments like they are not
really important.  If you're lucky, he may begin to ask questions.  He
will be getting a lot of pressure from vendors and customers alike. 
Can you imagine having to tell a customer you don't have email? 
*shudder*  He'll come around, give it time.

In the meantime, go with the isolated machine.  It's better than nothing.


~~Cynthia

As they say, the only secure computer is one in which there is no
access to it, virtually or physically.

Seriously though, a hardware firewall or software (i.e. IPchains,
IPRules, etc) can be very beneficial.  There isn't anything as 100%
foolproof, but there are way to make servers / networks extremely hard
to break into.