Firewall Wizards mailing list archives

RE: Firewalls and IS Network bodies


From: Gary Crumrine <gcrum () us-state gov>
Date: Fri, 12 Dec 1997 08:44:22 -0500

Hi Mike, I tend to think that this is one of those gray areas that depends 
on how your situation is structured.  I have worked under both scenarios, 
as both can make impassioned claims for the firewall services.  Both worked 
well, but they seemed to work better when coming under a department that 
was responsible for security.  Why?  Well, that takes a long 
explanation...and I'll try to be brief.  The core reason IMHO comes down to 
autonomy.  The firewall is at a point in the network, that really can see 
everything that is going on within an organization, at least at a point 
where that company projects its presence to the world.  This device is 
responsible for many things, to probably include limiting unauthorized 
access and protecting assets, but it also is used to enforce corporate 
policy.  By taking it out of networking hands, you can avoid some of the 
associated conflict of interest problems that always seem to come up.   I 
have seen situations where a network manager didn't inform his superiors of 
a problem, and just swept it under the carpet so to speak.  Only to have it 
jump up again later and cost the company a whole lot of money.  Much more 
than if they had dealt with the problem the first time it was noticed.  The 
supervisor was afraid that his reputation would suffer if it got out.

Some people will lobby for the networks branch, because it is a device that 
passes packets...and possibly, they use the same personnel to manage both 
the network and the firewall.  This may make it difficult for that 
individual to be loyal to two bosses.

While others will look to the security folks.  For the above reasons.

This struggle can cause some infighting... and it is very important to get 
all the management players together and thinking as a team. And that their 
actions, and the actions of others should not be taken personally.   Bottom 
line, is that you have to develop the "For the good of the hive" mentality. 
 It is hard to do sometimes.

The best solution in a perfect world, would be that all the players adopt 
the rule that they are there to solve problems, and that all their energy 
should reflect that.  An environment where people are not interested in 
finger pointing, but rather they see these challenges as opportunities to 
work together, is the optimal solution.  It takes good managers, and good 
workers to make this happen.

Good luck with your choices

-----Original Message-----
From:   Mike van der Walt [SMTP:mvdwalt () fnb co za]
Sent:   Thursday, December 11, 1997 10:37 AM
To:     firewall-wizards () nfr net
Subject:        Firewalls and IS Network bodies

I am trying to convince my management why a security environment should
retain the firewall administration.  They believe that the function
should be handed to the networking department.

What are your reasons/feelings either way?  Should I agree with them or
should I continue to fight the good fight?


Thanks,

Mike


