Re: Separate firewall administrator and firewall system administrator

["David R. Matusiak" <matusiak () email unc edu>]

Most security people will balk at the idea of sharing a system or systems
with other team members. Mostly because they imagine the Systems
Administration staff to be incompetent in regards to their duties. I would
argue that this is not always the case.

My experience ranges from a small firm with about 25 people in the IT dept
to a global corp with hundreds of IT admins - and a good number in between
those size ranges. I have noticed that the more dispersed and non-uniform
the staff, the harder it is for them to develop valuable trust
relationships for their systems. At that point, working together and/or
sharing systems can be a mandate from management, but it will hardly be a
success.

However, in smaller and more tightly-knit environs, the Security folks and
the SysAdmins can work in perfect harmony. In these cases, there is a
large amount of knowledge sharing and both parties generally wind up doing
their work better. This can lead to a nice benefit in "failover
protection" to lighten your pager load on weekends.*

food for thought on a friday...
dave matusiak
http://www.ibiblio.org/matusiak/bkmrk.html
[*] and yes, I *do* believe there are cases where one or many systems
should only be guarded by one person...   ...very special and rare cases.

On Fri, 14 Jun 2002, Joe Matusiewicz wrote:

> Greetings,
>
> Management came up with this new proposal.  Our firewalls should now have 
> the operating system managed by the system administration group.  The 
> current firewall administrators should only handle the firewall 
> software.  I never heard of this before.  Is there anyone out there doing this?
>
> Please feel free to comment on this idea.
>
> -- Joe


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards