Firewall Wizards mailing list archives
RE: Outsourcing Firewalls/Internet Security count
From: Gary Crumrine <gcrum () us-state gov>
Date: Mon, 8 Dec 1997 06:48:57 -0500
That is true Joe...but could you explain the root difference between acting as a consultant to a government agency, performing essentially the same monitoring tasks, designing safe systems etc...AND doing the same as an independent or employee of an outsource company...perhaps running a monitoring center etc.. There is none. Oh yes the govvie setup provides the equipment and building, perhaps some physical security, and a perception that they are under control, but unless the intended stuff is classified, and they are not using the REAL Internet as the backbone, what is the difference?.... You will run into good people, and bad in both cases.

-----Original Message-----
From: Joseph S. D. Yao [SMTP:jsdy () cospo osis gov]
Sent: Friday, December 05, 1997 2:42 PM
To: firewall-wizards () nfr net
Subject: Re: Outsourcing Firewalls/Internet Security count

I suspect we all currently outsource our telephone services, and think nothing of it. Why should we insist on being more private with our network services? The relative youth of the technology comes to mind; and that's fair. But, if you want a REALLY, REALLY private conversation, what do you do? Get on a cell' 'phone? Probably not - you probably go to your respective offices and screw little widgets onto your 'phones, or you meet in Central Park. So with networking - let's go with IPsec or its more secure descendants.

OK, having said that, we know that with people becoming ISP's (soi-disant) with $10,000 worth of equipment, there's lots of NON-expertise in keeping things working & secure out there; so there should be some effort to have security. But, by the same token, most of the crackers out there are kids with cookbooks - not the real hacker/crackers that you have to really worry about. If you outsource your firewall to someone with a reasonable clue level, you can probably trust them about as much as you trust the 'phone company. Companies. Whatever.

Then, if you've got some neat goodies to conceal, encrypt them. Encrypt your tunnel. Do whatever you would over 'phone lines. But don't make the moderately clueful take on THAT task as well.

Heck, I've even heard - although I wouldn't swear to it - that some government installations are considering outsourcing firewalls. I haven't heard that any are actually doing it now, though.

Would I do it? Not bloody likely. You have to be pretty paranoid to do network security, and it shows. I'm just like a lot of you: I hate to let anything like that out of my hands, because then I'm not directly controlling it. But that's also part of the reason why I'd never go into business for myself (I don't know how Marcus balances it!): I have trouble balancing business justifications for doing things less than perfectly. Intellectually, I'm aware that such reasons exist. But it's not a part of my central mental model of the world.

So why am I arguing for out-sourcing? Because a lot of the arguments I've read have been pretty much from the point of view of that last paragraph: pretty much "I wouldn't do it 'cause it's not the perfect solution." And it's not. But sometimes it can be justified, as not having your own private secure communications network across the world can be justified, as a less-than-perfect solution for less-than-greatest needs.

Eh?

--
Joe Yao jsdy () cospo osis gov - Joseph S. D. Yao
COSPO Computer Support EMT-A/B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.