Firewall Wizards mailing list archives
Re: Managed Firewall Service - Opinions
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Fri, 18 Apr 2003 16:15:27 -0400 (EDT)
On Fri, 18 Apr 2003, Mike Hoskins wrote:
From: "R. DuFresne" <dufresne () sysinfo com> To: Duncan Sharp <drsharp () pacbell net> Subject: Re: [fw-wiz] Managed Firewall Service - OpinionsMost MSSP's will put into place the rules that your site asks for. This seems to mitigate the issue of whom is at fault for a breach based upon configuration. Now they <the MSSP> are 'supposed' to be the professionals, but, how many will actually caution the client when they want to make the rulebae turn their firewall into a router, or simply impliment a rule or two that are not considered 'safe' or secure?That raises an interesting question. As 'professionals', one would assume some code of professional ethics. I know, for example, that as a CISSP there are certain guidelines you are supposed to follow.
Which raises a question also; if the employer pays for you to get certified, and many do, then where do the loyalties of the certified professional lay? <see below>
Perhaps the good MSSP's (likely the ones that hire the good 'professionals') are the ones that do caution the client.
We found this to be based more upon the corporate climate then an adherence to an ethical standing based upon principals equated to a certifying authority.
Afterall, if an MSSP is simply going to do what the customer says with no questions asked or any attempt to understand the client's requirements and implement the best possible solution... Then why pay an MSSP? Sure they'll manage the equipment and sift through logs for you, but the 'value-add' is greatly reduced IMCO.
How many MSSP's actually proclaim they will not allow a *paying* client to shoot themselves in the foot though? Are there known instances from the group that have gone the outsourced route whence the MSSP refused to impliment a policy change that was requested from authorized personnel for the client? The question might well arise about who is actually in control of the managed service...the payee or the payor? Thanks, Ron DuFresne -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Managed Firewall Service - Opinions, (continued)
- Re: Managed Firewall Service - Opinions Jeffery . Gieser (Apr 17)
- RE: Managed Firewall Service - Opinions Melson, Paul (Apr 17)
- RE: Managed Firewall Service - Opinions Melson, Paul (Apr 17)
- RE: Managed Firewall Service - Opinions Paul Robertson (Apr 17)
- Re: Managed Firewall Service - Opinions Joseph S D Yao (Apr 19)
- Re: Managed Firewall Service - Opinions Duncan Sharp (Apr 17)
- Re: Managed Firewall Service - Opinions R. DuFresne (Apr 18)
- Re: Managed Firewall Service - Opinions Mike Scher (Apr 18)
- PIX Config Problem Paul Stewart (Apr 22)
- RE: Managed Firewall Service - Opinions Paul Robertson (Apr 17)
- Re: Managed Firewall Service - Opinions Mike Hoskins (Apr 18)
- Re: Managed Firewall Service - Opinions R. DuFresne (Apr 19)
- Re: Managed Firewall Service - Opinions Mike Hoskins (Apr 19)
- Re: Managed Firewall Service - Opinions R. DuFresne (Apr 19)
- RE: Managed Firewall Service - Opinions Behm, Jeffrey L. (Apr 19)
- RE: Managed Firewall Service - Opinions Melson, Paul (Apr 21)
- RE: Managed Firewall Service - Opinions Dave Piscitello (Apr 21)
- RE: Managed Firewall Service - Opinions Mark Tinberg (Apr 25)
- RE: Managed Firewall Service - Opinions Paul D. Robertson (Apr 21)
- RE: Managed Firewall Service - Opinions Dave Piscitello (Apr 21)
- RE: Managed Firewall Service - Opinions Melson, Paul (Apr 21)
- RE: Managed Firewall Service - Opinions Paul D. Robertson (Apr 21)
- RE: Managed Firewall Service - Opinions Melson, Paul (Apr 21)
- RE: Managed Firewall Service - Opinions Dave Piscitello (Apr 21)