Firewall Wizards mailing list archives
Re: Firewalls and IS Network bodies
From: Andy Howard <achowar () erenj com>
Date: Fri, 12 Dec 1997 08:05:07 -0600
Mike: following is one line of thot... assuming you mean a firewall between a corporate network and the Internet. Firewalls between departments of same company could be approached differently. It's a team effort, but the network people should do the actual administrating... the firewall exists, in my mind, to protect the network and the devices on it, per corporate risk assessment and following security policy. The security and controls people assess the risk and determine the policy and what needs to be protected. The network people technically know how to implement that policy. The security people then look over their shoulders as a double check, reading logs and such, checking configuration periodically. Course, this assumes a good working relation between the two groups. The risk assessment and security policy planning should include network people. The implementation part should include security people. It also depends on how much each knows of the other's business. If I had to lean one way or the other, I would put it in the network side of the house. It is easy enough to follow CERT, CIAC, etc advisories, but how to implement the fixes and such should lay with the network group. They have to deal with such problems routinely, whether the corporation is connected to the Internet or not. It also depends on how big your corporation is, and whether you have enough people to break these things up. Disclaimer: I am predominantly a networking person, who also keeps track of security issues. Even if the security people miss something, who do you think gets the first call when the network craters? (-: -------------- Mike van der Walt wrote:
I am trying to convince my management why a security environment should retain the firewall administration. They believe that the function should be handed to the networking department. What are your reasons/feelings either way? Should I agree with them or should I continue to fight the good fight? Thanks, Mike --------------------------------------------------------------- Name: smime.p7s Part 1.2 Type: application/x-pkcs7-signature Encoding: base64 Description: S/MIME Cryptographic Signature
-- Andy Howard achowar () erenj com -- the above comments are mine only--
Current thread:
- Firewalls and IS Network bodies Mike van der Walt (Dec 11)
- Re: Firewalls and IS Network bodies chuck yerkes (Dec 11)
- Re: Firewalls and IS Network bodies Andy Howard (Dec 12)
- <Possible follow-ups>
- RE: Firewalls and IS Network bodies Mark Curley (Dec 11)
- RE: Firewalls and IS Network bodies Stout, William (Dec 11)
- RE: Firewalls and IS Network bodies Gary Crumrine (Dec 12)
- RE: Firewalls and IS Network bodies Biggerstaff, Craig T (Dec 12)
- Re: Firewalls and IS Network bodies Bennett Todd (Dec 17)