RE: [fw-wiz] Managed Firewall Service - Opinions

From: Melson, Paul (PMelson@sequoianet.com)
Date: 04/21/03

  • Next message: Melson, Paul: "RE: [fw-wiz] Managed Firewall Service - Opinions"
    From: "Melson, Paul" <PMelson@sequoianet.com>
    To: "Paul D. Robertson" <proberts@patriot.net>
    Date: Mon, 21 Apr 2003 10:40:39 -0400
    

    > There are two purposes, the first, and main is *operational*
    outsourcing.
    > 24x7 coverage, alerting, event interpretation and reporting, platform
    > maintenance, etc. The second is being able to ask "what's the best
    way to
    > do $foo?"

    Alerting and event interpretation sound like risk analysis tasks to me.
    If your service provider isn't doing some form of risk analysis based on
    their knowledge of your environment and the Internet in general before
    contacting you, then you could probably replace them with a software
    product, yes?

    > Anyone who expects magical insight is fooling themselves at the price
    > points MSSPs charge. A full security service looks at a heck of a lot

    > more than just the firewall ruleset (and costs a heck of a lot more
    than
    > managed monitoring of one or two devices.)

    I couldn't agree more. If you read back to the beginning of the thread,
    I gave this exact piece of advice to Frank when he first broached the
    subject. It's important to work with a vendor that brings more to the
    table than just "a few guys that can write access-lists." I guess
    because I work for the latter, I failed to distinguish between a service
    provider that only makes requested changes to the firewall and one that
    manages the firewall in conjunction with a bevy of other security
    services.

    PaulM

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Melson, Paul: "RE: [fw-wiz] Managed Firewall Service - Opinions"

    Relevant Pages

    • Re: Which of these firewalls for XP?
      ... your firewall disabled by a virus. ... Be cautious when evaluating the alerting aspects of these programs. ... > I have Norton Personal Firewall 2002 and Kerio Personal Firewall 2.14. ...
      (comp.security.firewalls)
    • Re: Port 1026
      ... > Why am I being attacked on port 1026? ... My software firewall was ... Tiny Personal Firewall put a message up ... > on the screen alerting me ...
      (comp.security.firewalls)
    • Re: Port 1026
      ... > connect attempts on port 1026. ... > instead of hardware devices. ... Tiny Personal Firewall put a message up on ... > the screen alerting me ...
      (comp.security.firewalls)
    • Re: retaliation?
      ... > Over the last week my firewall has been alerting me to blocked ping of ...
      (comp.security.firewalls)