Firewall Wizards mailing list archives
RE: Firewalls and IS Network bodies
From: Gary Crumrine <gcrum () us-state gov>
Date: Fri, 12 Dec 1997 08:44:22 -0500
Hi Mike, I tend to think that this is one of those gray areas that depends on how your situation is structured. I have worked under both scenarios, as both can make impassioned claims for the firewall services. Both worked well, but they seemed to work better when coming under a department that was responsible for security. Why?, well that takes a long explanation...and I'll try to be brief. The core reason IMHO comes down to autonomy. The firewall is at a point in the network, that really can see everything that is going on within an organization, at least at a point where that company projects it's presence to the world. This device is responsible for many things, to probably include limiting unauthorized access and protecting assets, but it also is used to enforce corporate policy. By taking it out of networking hands, you can avoid some of the associated conflict of interest problems that always seem to come up. I have seen situations where a network manager didn't inform his superiors of a problem, and just swept it under the carpet so to speak. Only to have it jump up again later and cost the company a whole lot of money. Much more than if they had dealt with the problem the first time it was noticed. The supervisor was afraid that his reputation would suffer if it got out. Some people will lobby for the networks branch, because it is a device that passes packets...and possibly, they use the same personnel to manage both the network and the firewall. This may make it difficult for that individual to be loyal to two bosses. While others will look to the security folks. For the above reasons. This struggle can cause some infighting... and it is very important to get all the management players together and thinking as a team. And that their actions, and the actions of others should not be taken personal. Bottom line, is that you have to develop the "For the good of the hive" mentality. It is hard to do sometimes. The best solution in a perfect world, would be that all the players adopt the rule that they are there to solve problems, and that all their energy should reflect that. An environment where people are not interested in finger pointing , but rather they see these challenges as opportunities to work together, is the optimal solution. It takes good managers, and good workers to make this happen. Good luck with your choices -----Original Message----- From: Mike van der Walt [SMTP:mvdwalt () fnb co za] Sent: Thursday, December 11, 1997 10:37 AM To: firewall-wizards () nfr net Subject: Firewalls and IS Network bodies I am trying to convince my management why a security environment should retain the firewall administration. They believe that the function should be handed to the networking department. What are your reasons/feelings either way? Should I agree with them or should I continue to fight the good fight? Thanks, Mike << File: smime.p7s >>
Current thread:
- Firewalls and IS Network bodies Mike van der Walt (Dec 11)
- Re: Firewalls and IS Network bodies chuck yerkes (Dec 11)
- Re: Firewalls and IS Network bodies Andy Howard (Dec 12)
- <Possible follow-ups>
- RE: Firewalls and IS Network bodies Mark Curley (Dec 11)
- RE: Firewalls and IS Network bodies Stout, William (Dec 11)
- RE: Firewalls and IS Network bodies Gary Crumrine (Dec 12)
- RE: Firewalls and IS Network bodies Biggerstaff, Craig T (Dec 12)
- Re: Firewalls and IS Network bodies Bennett Todd (Dec 17)