Re: Firewall Administration

["P.Y BONNETAIN" <pyb () cadrus fr>]

> >    The trust issue is really important here. I have already seen (several
> > times, but not enough to generalize, thanks God) small-to-medium ISPs with,
> > say, critical staffing when related to security (1 or 2 guys max). Those guys,
> > being not that all dumb, gets offered better positions elsewhere (things like
> > that happen, as you well know) or are subcontracted to help some client.
> >    And who gets the firewall admin after they leave ? Well, often someone else
> > who has just fiddled with the proper GUI, etc. Or noone. You (the client) get
> > stuck.
>
> Ironically, this is exactly one of my arguments *for* a managed firewall
> service.  Let the provider worry about staffing the security professionals
> and all the headaches that go with it, so the company can concentrate on
> its core business. 
   This should be true for other things than computers and security, but 
experience shows it is not :-)

> You gotta figure -- if the customer ever gets inferior security service
> from an outside provider, it'll only happen once.  After that the provider
> loses the business.  The provider should know that in advance and be
> losing lots of sleep over it every day.

   Indeed. Provided the customer _can detect_ he gets inferior service. Which
is obviously not the case if he has no one on site managing/checking/etc.. the
security the company gets from the provider. You know as well as I do that some
people just rely on their customers' ignorance/blissfulness/whatever to sell
not-quite-appropriate service and goods.

-- 
-+-+ Pierre-Yves BONNETAIN (aka Pyb)
     Consultant Internet/Sécurité --- B & A Consultants
     Tel : 0 562.793.261 - Fax : 0 561.824.221