Firewall Wizards mailing list archives
Re: Firewalls and IS Network bodies
From: chuck yerkes <Chuck () yerkes com>
Date: Thu, 11 Dec 1997 18:25:40 -0500 (EST)
It is claimed, but unverified, that Mike van der Walt wrote:
I am trying to convince my management why a security environment should retain the firewall administration. They believe that the function should be handed to the networking department. What are your reasons/feelings either way? Should I agree with them or should I continue to fight the good fight?
Wow, 6 lines of content, 100 lines of S/MIME signature. For a list. Is this effective use of bandwidth? This is difficult to answer. It's an artificial boundary in the first place. I was recently offering to a cohort that some routers on their network could do NTP broadcasts. It wasn't going happen because the network group didn't do host infrastructure. Well, the firewall (essentially) passes packets, so it's like a router (and may include routers), but it's running Unix (the good ones:), so it should be the Unix admins'. Solutions I've seen are to have a core infrastructure group run it. Internet Services run DNS & web machines (not content), time servers, mail servers, and firewalls (hosts and routers). Working *WITH* the network people and Data Security, Internet Services maintains control over the machines but remains separate from these groups and from the clients groups. SA's in this group can certainly be available to the general SA group (as time permits), but they have primary duty to infrastructure/firewall. This reduces conflict of interest over client demands for stupid things (can you route these UDP packets from the Internet to the sensitive production machines?). chuck
Current thread:
- Firewalls and IS Network bodies Mike van der Walt (Dec 11)
- Re: Firewalls and IS Network bodies chuck yerkes (Dec 11)
- Re: Firewalls and IS Network bodies Andy Howard (Dec 12)
- <Possible follow-ups>
- RE: Firewalls and IS Network bodies Mark Curley (Dec 11)
- RE: Firewalls and IS Network bodies Stout, William (Dec 11)
- RE: Firewalls and IS Network bodies Gary Crumrine (Dec 12)
- RE: Firewalls and IS Network bodies Biggerstaff, Craig T (Dec 12)
- Re: Firewalls and IS Network bodies Bennett Todd (Dec 17)