Educause Security Discussion mailing list archives
Re: Cisco Pix Firewall Question
From: David Gillett <gillettdavid () FHDA EDU>
Date: Thu, 5 Mar 2009 09:35:51 -0800
2. With Cisco, I believe you are talking about the Smart-Net service. That would be an issue if the firewall fails and they cannot get support from TAC. If they have standby spares, this may not be an issue. If they also have multiple firewalls in Active/Standby configuration, they may have designed for failover in another way.

Just the one firewall, which they turned on after they learned I'd be visiting. In the classic version of "We have a firewall, so we're secure!", it's still in its box, neither plugged in nor turned on....

A firewall needs two things on an ongoing basis:

1. Keeping the configuration up-to-date with changes to network topology, content and policies. This might not require a "certified tech", but it needs to be part of the job description of a staffed position.

2. Review of firewall logs to verify that legitimate traffic isn't being blocked and that illegitimate traffic isn't getting through. In some organizations, this may be how the person responsible for #1 learns of network changes, but it can also serve as an audit of their work and so other organizations may prefer to separate these duties.

Again, *someone* needs to be doing it.

David Gillett, CISSP