PaulDotCom mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Managed firewalls

From: Jack Daniel <jackadaniel () gmail com>
Date: Fri, 11 Feb 2011 22:31:14 -0500
Like most things, "it depends".  As Josh said, if the outsourced
vendor does a great job, it can be very good.  Big honking "if" there,
though.

A few questions off the top of my head:
What are the SLAs, and how are they enforced?
How long does it take to get changes applied?
Do you retain ownership of the hardware on premises?
Do you "own" the configs, or can they flatten the box when terminated?
Do you have audit rights to the systems?
What kind of reporting and documentation do they offer?
Do they guarantee configurations compliant with your regulatory requirements?
What about patching/updating, do they provide a guaranteed update
window after patches/fixes are released?
Is it all in writing?

Jack


On Fri, Feb 11, 2011 at 7:12 PM, Matthew Perry <mlperry () gmail com> wrote:

All,

We have been acquired by another company that is use to outsourcing
their management and monitoring of firewalls to another company.  I
have always been against this especially since they would have the
keys for any point to point connections.  How does everyone else in
the pauldotcom community feel about this and is it a standard
practice?

--
Matthew Perry
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com





-- 
______________________________________
Jack Daniel, Reluctant CISSP
http://twitter.com/jack_daniel
http://www.linkedin.com/in/jackadaniel
http://blog.uncommonsensesecurity.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
Previous By Date Next
Previous By Thread Next

Current thread: