Firewall Wizards mailing list archives
RE: Firewall Administration
From: Steve Kruse <jsk347 () worldnet att net>
Date: Sat, 11 Oct 1997 17:38:43 -0400
At 11:37 PM 10/7/97 +0000, Larry J. Hughes Jr. wrote:
Adam Shostack <adam () homeport org> writes:So what should a small company do? They don't have the skill in house; probably can't find someone good to bring in as a consultant or staff member, since the big players pay more. So, should they not buy a FW when connecting to the internet? Even a badly done screening router offers some protection. (It also offers overmuch peace of mind; but a good fitness for purpose warranty might fix that.)I joined the list mid-stream, so hopefully my $0.02 isn't redundant. We have to address this all the time with our customers, which range from the very small to the very large. (We are a good-sized regional ISP.) The general case of simply setting up a full-fledged firewall for a small- to medium-sized business is very rarely a good idea, because after the setup they still aren't security savvy -- so they may later end up worse off than just having some basic packet filtering in the router. Our solution was to invent several levels of managed firewall service, which scale in features (hence cost) according to the customer's purse. The variance in features has more to do with value-add and incident handling priority than it does with overall quality of service. The downside is, yes, it costs them some money. The upside is it costs them only a fraction of what it does to hire a single security expert. They also inherit the windfall of not having to worry about a single in-house security guru leaving for greener pastures, which happens too often in this business. --- Larry J. Hughes Jr. larry () nwnet net http://www.nwnet.net/~larry/
Another $.02 worth but ... For small companies I agree that a managed firewall service from their ISP is probably a good answer SO LONG AS you spend the time to help them develop security policies and train their users as to the things they can do to minimize damages. For "medium" size companies (just what IS a medium size, anyway?) however there may be more at stake. My personal problem, were I to be the IS manager of a 'medium' sized company with more resources than a "small" company is: HOW DO I KNOW I CAN TRUST THE FIREWALL MANAGER(s)? (nothing personal to you here!!!) If I totally relinquish control of my network-->internet security, what assurance do I have that a rogue employee of the ISP isn't diddling with my net? What about an employee that needs money so they sell off the keys to the kingdom of 10 or 20 or 30 companies to someone? Does the ISP bond every employee who can touch that firewall, and is there a mechanism to ensure MY damages will be compensated if this occurs? The value of my information vs. the cost of a security consultant whom I can choose, bond and control may be a small price to pay in the long run. Ok..so maybe it's only $.01 worth. But...something to think about. Flames ignored...comments welcome! ***************************************************** * Steve Kruse Milkyway Networks * * Network Systems Engineer 1342 E. Vine St. #224 * * 407-847-8977 Voice Kissimmee, FL 34744 * * 407-847-7203 Fax http://www.milkyway.com * *****************************************************
Current thread:
- Re: Firewall administration Rik Farrow (Oct 06)
- Re: Firewall administration David Collier-Brown (Oct 06)
- Re: Firewall administration Bennett Todd (Oct 07)
- Sidebar re idiots (was Firewall administration) David Collier-Brown (Oct 07)
- Re: Firewall administration Bennett Todd (Oct 07)
- <Possible follow-ups>
- Re: Firewall administration Anton J Aylward (Oct 07)
- Re: Firewall administration Anton J Aylward (Oct 07)
- RE: Firewall Administration Steve Kruse (Oct 12)
- Re: Firewall Administration P.Y BONNETAIN (Oct 12)
- Re: Firewall Administration Larry J. Hughes Jr. (Oct 13)
- Re: Firewall Administration Rudolf Schreiner (Oct 14)
- Re: Firewall Administration Bennett Todd (Oct 15)
- Re: Firewall Administration P.Y BONNETAIN (Oct 14)
- Re: Firewall Administration P.Y BONNETAIN (Oct 12)
- Re: Firewall administration David Collier-Brown (Oct 06)