Re: Firewall Management



In article <1158092533.580220.191760@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
sickfaichezi <sickfaichezi@xxxxxxxxx> wrote:

> I would appreciate any comments on firewall management.
>
> I recently have been faced with the choice between paying for a
> firewall management service at $1000+ in setup costs and $175 / month
> thereafter or deciding on managing the firewall myself.
>
> We have hired some outside contractors to set up our networks and they
> have built this firewall management service into their proposal, but I
> am not sure that we necessarily need it and would like to remove it
> from the proposal to save some cash.
>
> The outside contractors chose the Cisco ASA5510 and the managed
> firewall service for the box will include:
>
> * security updates in the form of patches, releases and upgrades
> * policy administration
> * event log analysis
> * enforcement point management
> * incident detection
>
> Basically, I am asking, is it worth it? Would it be hard to manage the
> firewall on my own? I am a programmer with a basic understanding of
> networks.

I'm not sure I would trust that service: they aren't charging ENOUGH to
be able to do a good job of policy administration, incident detection,
and event log analysis -- not unless you are a very small organization
whose network is already partly sheltered by someone else's firewall.

Based upon your wording, I would deduce that you have never managed
a Cisco PIX or Cisco ASA. If I am correct, then chances are quite
small that you would be able to provide the above management
services to your company for less than the equivalent of $175 per
month (wot, roughly one day's pay per month?), taking into account
your startup costs of learning the ins and outs of the device and
your startup costs of writing a -correct- event log analysis program.

Even if you only get 1500 events per day, that'd be 45000 events
per month that would have to be correlated and analyzed. To be able
to analyze that in less than a day's work (i.e., costing your company
a day's pay per month in lieu of paying the consultant $175 per month),
you would have to analyze the events at a rate approaching two events
fully analyzed per second. And if you have a company large enough
to warrant a 5510 instead of a 5505, then you are very likely
going to get a lot more than 1500 events per day. (For example,
we collect 200,000 to 300,000 events per day for 500-ish IP addresses.)


The only company that I know of that could -plausibly- manage
event log analysis and incident detection at a marginal rate of $175
per month for a very small network, would be Counterpane Security...
and I'm relatively sure that they would charge a LOT more than $1000
to set everything up for you.


[Of course, you shouldn't naively trust what one bundle of hot air
(i.e., me :) ) says about firewall management. Before committing
either way, do some credibility analysis, such as searching google groups
on a key of author:roberson group:comp.dcom.sys.cisco ]
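The reply above argues that the real cost of managing the ASA yourself is writing a -correct- event log analysis program and then correlating tens of thousands of events a month with it. As an added illustration (not code from the poster or from Cisco) of what the smallest useful version of that program looks like, the script below parses syslog lines carrying ASA message 106023 (packet denied by an access-group), counts denies per source address, flags sources that hit several distinct destination ports on the firewall (a crude scan heuristic), and, importantly for correctness, counts every line it could not parse rather than silently dropping it. The message layout in the regex is this example's assumption about the 106023 format; the log lines are constructed for the example, not captured from a device, and the threshold of five ports is arbitrary.

```python
import re
from collections import defaultdict

# Syslog line prefix followed by the ASA message header "%ASA-<severity>-<message id>:".
ASA_HDR = re.compile(r"%ASA-(?P<sev>\d)-(?P<msgid>\d{6}):\s*(?P<body>.*)$")

# Body of message 106023 (packet denied by an ACL) as this example assumes it is laid out:
#   Deny tcp src outside:203.0.113.5/4423 dst inside:192.0.2.10/22 by access-group "outside_access_in" [0x0, 0x0]
DENY_106023 = re.compile(
    r'Deny (?P<proto>\w+) src (?P<sif>[\w-]+):(?P<src>[\d.]+)/(?P<sport>\d+) '
    r'dst (?P<dif>[\w-]+):(?P<dst>[\d.]+)/(?P<dport>\d+) by access-group "(?P<acl>[^"]+)"'
)

# Constructed sample input (not a real capture): one host probing five ports on the
# same server, one unrelated deny, one accepted connection, and one line in a shape
# the parser does not understand.
SAMPLE_LINES = [
    'Sep 12 14:05:01 fw01 %ASA-4-106023: Deny tcp src outside:203.0.113.5/4423 dst inside:192.0.2.10/21 by access-group "outside_access_in" [0x0, 0x0]',
    'Sep 12 14:05:01 fw01 %ASA-4-106023: Deny tcp src outside:203.0.113.5/4424 dst inside:192.0.2.10/22 by access-group "outside_access_in" [0x0, 0x0]',
    'Sep 12 14:05:01 fw01 %ASA-4-106023: Deny tcp src outside:203.0.113.5/4425 dst inside:192.0.2.10/23 by access-group "outside_access_in" [0x0, 0x0]',
    'Sep 12 14:05:02 fw01 %ASA-4-106023: Deny tcp src outside:203.0.113.5/4426 dst inside:192.0.2.10/25 by access-group "outside_access_in" [0x0, 0x0]',
    'Sep 12 14:05:02 fw01 %ASA-4-106023: Deny tcp src outside:203.0.113.5/4427 dst inside:192.0.2.10/80 by access-group "outside_access_in" [0x0, 0x0]',
    'Sep 12 14:05:02 fw01 %ASA-4-106023: Deny udp src outside:198.51.100.7/53210 dst inside:192.0.2.11/161 by access-group "outside_access_in" [0x0, 0x0]',
    'Sep 12 14:05:03 fw01 %ASA-6-302013: Built inbound TCP connection 1193 for outside:198.51.100.20/51234 (198.51.100.20/51234) to inside:192.0.2.10/443 (192.0.2.10/443)',
    'Sep 12 14:05:04 fw01 last message repeated 3 times',
]


def parse_asa_line(line):
    """Return a dict for any line with an ASA header, with 106023 fields added when
    the body matches; return None for lines that carry no ASA header at all."""
    m = ASA_HDR.search(line)
    if not m:
        return None
    rec = {"severity": int(m.group("sev")), "msgid": m.group("msgid"), "body": m.group("body")}
    if rec["msgid"] == "106023":
        d = DENY_106023.match(rec["body"])
        if d:
            rec.update(d.groupdict())
            rec["sport"] = int(rec["sport"])
            rec["dport"] = int(rec["dport"])
    return rec


def summarize(lines, scan_ports=5):
    """Correlate a batch of lines: denies per source, sources touching >= scan_ports
    distinct destination ports, and a count of lines the parser could not handle."""
    denies_by_src = defaultdict(int)
    ports_by_src = defaultdict(set)
    parsed = unparsed = 0
    for line in lines:
        rec = parse_asa_line(line)
        if rec is None:
            unparsed += 1          # never drop silently: unparsed lines are a correctness signal
            continue
        parsed += 1
        if rec["msgid"] == "106023" and "src" in rec:
            denies_by_src[rec["src"]] += 1
            ports_by_src[rec["src"]].add(rec["dport"])
    return {
        "parsed": parsed,
        "unparsed": unparsed,
        "denies_by_src": dict(denies_by_src),
        "top_denied": sorted(denies_by_src.items(), key=lambda kv: (-kv[1], kv[0])),
        "scanners": sorted(s for s, p in ports_by_src.items() if len(p) >= scan_ports),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LINES)
    print(f"parsed={report['parsed']} unparsed={report['unparsed']}")
    for src, n in report["top_denied"]:
        print(f"{src:16} denied {n}")
    print("possible scanners:", ", ".join(report["scanners"]) or "none")
```

Note what this does not do: it handles one message ID out of the hundreds an ASA emits, it does not resolve interface names against the policy, and it keeps no state across batches, so a slow scan spread over days would not trip the port threshold. That gap between "parses a few messages" and "correct event log analysis and incident detection" is the startup cost the reply is pricing against $175 per month.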