Re: Managing Firewalls

["Rajeev Gupta" <rgup14 () gmail com>]

At a minimum, customers would like to see a mix of the following:

1. View their policy in read-only
2. View live logging of their traffic - if not 'live', they would ask
for historical log files or reporting based on these logs analysis
3. Maintaining certain naming conventions for their networks/objects
which needs to be resolved based on ISP naming conventions.
4. Monitoring of the firewall/VPN devices for any hw failures/CPU
spikes or various fw processes by ISP
5. Traffic analysis and reports in various categories - such as 'the
top 10 services being used', trend-analysis to assess and scale up
hw/software.
6. They would like to see effective 'reprovisioning/replacements'
policies in view of any hw/os/fw failure.

These are based on real experience from ISP level and may serve a
starting point for you - very raw list but hope it helps.

Rajeev

On 8/31/06, Ravi Malghan <rmalghan () yahoo com> wrote:
> Hi: I am in a Managed Security Environment managing
> 100+ netscreen and checkpoint firewalls. The current
> management/monitoring we provide is very messed up and
> I want to start from scratch. I am trying to
> understand what kind of management functionalities do
> typical enterprise customers like to see from their
> ISP as far as the firewalls are considered. Since the
> type of customers vary (financial, health etc), I am
> trying to come up with a base framework from which I
> can built additional functionalities based on the type
> of customer. Currently I collect logs from all the
> firewalls and store them in a database. Are there any
> whitepapers or standards? Any suggestions on where I
> can start from?
>
> Thanks in advance.
> Ray
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>
> ---------------------------------------------------------------------------
> This list is sponsored by: Norwich University
>
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
> The NSA has designated Norwich University a center of Academic Excellence
> in Information Security. Our program offers unparalleled Infosec management
> education and the case study affords you unmatched consulting experience.
> Using interactive e-Learning technology, you can earn this esteemed degree,
> without disrupting your career or home life.
>
> http://www.msia.norwich.edu/secfocus
> ---------------------------------------------------------------------------

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------