Re: Firewall Administration

["P.Y BONNETAIN" <pyb () cadrus fr>]

> My personal problem, were I to be the IS manager of a 'medium' sized
> company with more resources than a "small" company is:  HOW DO I KNOW I CAN
> TRUST THE FIREWALL MANAGER(s)?  (nothing personal to you here!!!)  If I
> totally relinquish control of my network-->internet security, what
> assurance do I have that a rogue employee of the ISP isn't diddling with my
> net?  What about an employee that needs money so they sell off the keys to
> the kingdom of 10 or 20 or 30 companies to someone?  Does the ISP bond
> every employee who can touch that firewall, and is there a mechanism to
> ensure MY damages will be compensated if this occurs?  

   Just to add some comments, since you asked for them...
   The trust issue is really important here. I have already seen (several
times, but not enough to generalize, thanks God) small-to-medium ISPs with,
say, critical staffing when related to security (1 or 2 guys max). Those guys,
being not that all dumb, gets offered better positions elsewhere (things like
that happen, as you well know) or are subcontracted to help some client.
   And who gets the firewall admin after they leave ? Well, often someone else
who has just fiddled with the proper GUI, etc. Or noone. You (the client) get
stuck.
   I just _hate_ to have something as important as my security policy going
down the drain like that, usually without even knowing it.

   My own 0.02 cents (will be centi-euro soon).
-- 
-+-+ Pierre-Yves BONNETAIN (aka Pyb) - bonnetain () acm org
     Consultant Internet/Sécurité --- B & A Consultants
     Tel : 0 562.793.261 - Fax : 0 561.824.221