Firewall Wizards mailing list archives
Re: Outsourcing Firewalls/Internet Security count
From: "Joseph S. D. Yao" <jsdy () cospo osis gov>
Date: Fri, 5 Dec 1997 14:41:48 -0500 (EST)
I suspect we all currently outsource our telephone services, and think nothing of it. Why should we insist on being more private with our network services? The relative youth of the technology comes to mind; and that's fair. But, if you want a REALLY, REALLY private conversation, what do you do? Get on a cell' 'phone? Probably not - you probably go to your respective offices and screw little widgets onto your 'phones, or you meet in Central Park. So with networking - let's go with IPsec or its more secure descendants. OK, having said that, we know that with people becoming ISP's (soi- disant) with $10,000 worth of equipment, there's lots of NON-expertise in keeping things working & secure out there; so there should be some effort to have security. But, by the same token, most of the crackers out there are kids with cookbooks - not the real hacker/crackers that you have to really worry about. If you outsource your firewall to someone with a reasonable clue level, you can probably trust them about as much as you trust the 'phone company. Companies. Whatever. Then, if you've got some neat goodies to conceal, encrypt them. Encrypt your tunnel. Do whatever you would over 'phone lines. But don't make the moderately clueful take on THAT task as well. Heck, I've even heard - although I wouldn't swear to it - that some government installations are considering outsourcing firewalls. I haven't heard that any are actually doing it now, though. Would I do it? Not bloody likely. You have to be pretty paranoid to do network security, and it shows. I'm just like a lot of you: I hate to let anything like that out of my hands, because then I'm not directly controlling it. But that's also part of the reason why I'd never go into business for myself (I don't know how Marcus balances it!): I have trouble balancing business justifications for doing things less than perfectly. Intellectually, I'm aware that such reasons exist. But it's not a part of my central mental model of the world. So why am I arguing for out-sourcing? Because a lot of the arguments I've read have been pretty much from the point of view of that last paragraph: pretty much "I wouldn't do it 'cause it's not the perfect solution." And it's not. But sometimes it can be justified, as not having your own private secure communications network across the world can be justified, as a less-than-perfect solution for less-than-greatest needs. Eh? -- Joe Yao jsdy () cospo osis gov - Joseph S. D. Yao COSPO Computer Support EMT-A/B ----------------------------------------------------------------------- This message is not an official statement of COSPO policies.
Current thread:
- Re: Outsourcing Firewalls/Internet Security count, (continued)
- Re: Outsourcing Firewalls/Internet Security count Bennett Todd (Dec 05)
- Re: Outsourcing Firewalls/Internet Security count Larry J. Hughes Jr. (Dec 08)
- Outsourcing firewalls & InfoSec Ops - Part I/II Frank Willoughby (Dec 09)
- Re: Outsourcing firewalls & InfoSec Ops - Part I/II Paul D. Robertson (Dec 15)
- Re: Outsourcing firewalls & InfoSec Ops - Part I/II chuck yerkes (Dec 16)
- Re: Outsourcing firewalls & InfoSec Ops - Part I/II Paul D. Robertson (Dec 17)
- Re: Outsourcing Firewalls/Internet Security count Ted Doty (Dec 05)
- Re: Outsourcing Firewalls/Internet Security count Paul D. Robertson (Dec 05)
- Re: Outsourcing Firewalls/Internet Security count Joseph S. D. Yao (Dec 05)
- Re: Outsourcing Firewalls/Internet Security count Bennett Todd (Dec 08)
- Re: Outsourcing Firewalls/Internet Security count Joseph S. D. Yao (Dec 08)
- Re: Outsourcing Firewalls/Internet Security count Joseph S. D. Yao (Dec 08)
- Re: Outsourcing Firewalls/Internet Security count Alec Muffett - SunLabs (Dec 08)