Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

MoD breaks ranks on custom firewall

From: InfoSec News <isn () c4i org>
Date: Thu, 2 May 2002 02:11:03 -0500 (CDT)
http://networknews.vnunet.com/News/1131396

By Paul Allen [01-05-2002]

Rising technology overhead drives MoD to adopt commercial firewalls
The Ministry of Defence's security technology advisors have changed
their approach to its firewall policy.

David Hartley, unclassified network manager at the Defence Science and
Technology Laboratory (DSTL), formerly the Defence Evaluation Research
Agency (DERA), said the MoD agency had bought in firewall technology
as the overhead of maintaining internally produced code had become too
great.

"While I don't want to suggest we are de-skilling, having people who
can write and maintain code is difficult to justify. Our business is
supporting the network, not coding software," said Hartley.

But Hartley stressed that improvements in commercially available
firewalls, in conjunction with IDS and external evaluation, had been
the main driver behind the strategy switch.

"We have taken a good look at commercial firewalls over the past five
years, and have moved towards them because now they have the strength
for our needs," said Hartley. The move was phased in over the past 14
months.

Former DERA team leader for IT health checks, now managing security
architect at consultants @Stake, Phil Huggins, said using commercially
available firewall code was an issue of support versus trust. "A large
enterprise may not have the necessary skill set to create and run
custom firewall code, they may have future support and training issues
when current staff move on."

He said that while a custom firewall could reap huge benefits in terms
of a better fit for business requirements, the management overhead
could prove too high for many. "It requires both strong skills
management and a recognition that more time may need to be made
available to manage such systems correctly.

"I strongly believe that businesses are better off properly managing a
technology they know well, rather than using a technology it has been
told is more secure, but using it badly," said Huggins.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.
Previous By Date Next
Previous By Thread Next

Current thread: