Re: [fw-wiz] Managed Firewall Service - Opinions
From: Mike Hoskins (email@example.com)
From: Mike Hoskins <firstname.lastname@example.org> To: email@example.com Date: Fri, 18 Apr 2003 11:36:15 -0700 (PDT)
From: "R. DuFresne" <firstname.lastname@example.org>
To: Duncan Sharp <email@example.com>
Subject: Re: [fw-wiz] Managed Firewall Service - Opinions
> Most MSSP's will put into place the rules that your site asks for.
> This seems to mitigate the issue of whom is at fault for a breach based
> upon configuration. Now they <the MSSP> are 'supposed' to be the
> professionals, but, how many will actually caution the client when they
> want to make the rulebae turn their firewall into a router, or simply
> impliment a rule or two that are not considered 'safe' or secure?
That raises an interesting question. As 'professionals', one would assume
some code of professional ethics. I know, for example, that as a CISSP
there are certain guidelines you are supposed to follow. Perhaps the good
MSSP's (likely the ones that hire the good 'professionals') are the ones
that do caution the client. Afterall, if an MSSP is simply going to do
what the customer says with no questions asked or any attempt to
understand the client's requirements and implement the best possible
solution... Then why pay an MSSP? Sure they'll manage the equipment and
sift through logs for you, but the 'value-add' is greatly reduced IMCO.
-- From: "Spam Catcher" <firstname.lastname@example.org> To: email@example.com Don't send email to the address listed here or you will be added to a blacklist! It is a TRAP for address harvesters. _______________________________________________ firewall-wizards mailing list firstname.lastname@example.org http://honor.icsalabs.com/mailman/listinfo/firewall-wizards