Firewall Wizards mailing list archives
Re: Firewall administration.
From: Ted Doty <ted () iss net>
Date: Tue, 07 Oct 1997 07:33:01 -0400
At 06:14 AM 10/6/97 -0700, Bennett Todd wrote:
On Mon, Oct 06, 1997 at 06:14:32AM -0400, Gary Crumrine wrote:
Not every entity doing business on the Internet has the need of, nor can they afford, a full featured super wiz bang firewall, or the obligatory web guru it is going to take to configure it.Ouch ouch ouch. Many ouches. The fullest-featured wiz bang firewall I know of costs <<$1,000 USD for an old throwaway PC clone, plus $0 for
Linux+ipfw+fwtk.
And I don't see where a web guru gets involved at all; what's needed is someone who can read basic literature (e.g. Cheswick and Bellovin) to get the idea of what they need to accomplish, and put down a basic security policy to fit the organization, then read e.g. the Linux Firewall Howto for cookbook-style instructions on how to set the thing up.
What's left out here is the cost of the expertise (*nix administration, fwtk administration, overall security cluefulness in general). I'm guessing that there are more than a couple readers of this list who make fairly decent livings off this. It's pretty clear that the (proper) setup and administration of the firewall is several times more expensive than the firewall itself. Putting down a "basic security policy to fit the organization" is often a non-trivial task: things like relating threats and vulnerabilities to the value of specific data, in tangible (value of accounts receivable database) and intangible (liability due to exposure of records from personnel database) are *hard*. - Ted ---------------------------------------------------------------------------- Ted Doty, Internet Security Systems | Phone: +1 770 395 0150 41 Perimeter Center East | Fax: +1 770 395 1972 Atlanta, GA 30346 USA | Web: http://eng.iss.net/~tdoty ---------------------------------------------------------------------------- PGP key fingerprint: 362A EAC7 9E08 1689 FD0F E625 D525 E1BE
Current thread:
- Re: firewall configurator Was: Firewall administration., (continued)
- Re: firewall configurator Was: Firewall administration. -= ArkanoiD =- (Oct 11)
- Re: firewall configurator Was: Firewall administration. Magossa'nyi A'rpa'd (Oct 12)
- RE: Firewall administration. Gary Crumrine (Oct 06)
- Re: Firewall administration. Bennett Todd (Oct 06)
- Re: Firewall administration. Adam Shostack (Oct 07)
- Re: Firewall administration. Bennett Todd (Oct 07)
- Re: Firewall administration. Marcus J. Ranum (Oct 07)
- Re: Small company question was Re: Firewall administration. Mark Teicher (Oct 09)
- Re: Small company question was Re: Firewall administration. Bennett Todd (Oct 10)
- Re: Firewall administration. Bennett Todd (Oct 06)
- Re: Firewall administration. Larry J. Hughes Jr. (Oct 09)
- Re: Firewall administration. Ted Doty (Oct 07)
- Re: Firewall administration. Bennett Todd (Oct 07)
- Re: Firewall administration. Ted Doty (Oct 12)
- Re: Firewall administration. Bennett Todd (Oct 12)
- Re: Firewall administration. Ted Doty (Oct 12)
- Internet Security Review Mark Teicher (Oct 13)
- Re: Internet Security Review Bennett Todd (Oct 13)
- Re: Internet Security Review Marcus J. Ranum (Oct 14)
- Securing Staff (was Re: Internet Security Review) Jeff Sedayao (Oct 15)
- Re: Internet Security Review Steve Kruse (Oct 13)
- Re: Policy and administration was Re: Firewall administration. Ted Doty (Oct 13)