Firewall Wizards mailing list archives
RE: Firewalls/Internet Security - TNG
From: "Safier, Adam (GEIS)" <Adam.Safier () geis ge com>
Date: Mon, 1 Dec 1997 21:27:57 -0500
My take on Remote Security Management sees your angle as only a small part of a spectrum. How do you apply a couple of the experts or tools you talk about in your note to 200-1000 businesses and how do you keep 1000 policies from getting applied to the wrong firewall, Network Access Server (NAS) or NFR agent? When you do get an alarm how do you make sure you notified the correct customer? I guess that brings up a good point - what is the definition of managing a secure system, especially as a service - The AI to interpret the results VS. the AI to organize the data and possibly make it meaningful to select end users. In a way I think it is both, starting with your AI on interpreting attack patterns and then moving to policies control and distribution, alarm and report distribution and proper customer etiquette by service provider employees. What's needed is a nice database with very pretty, but complete, GUI front end and a remote security device MIB with secure transport and authentication. Yes, I do play Lotto on occasion despite the long odds. Thanks for bringing up the issue. Adam P.S. Should this list be called firewall wizards or would Internet Security Wizards or some such be better, especially considering NFR and the many other area's of security that are popping up? --------------- Adam Safier, Network Engineering Security Consultant GE Information Services, Inc. 401 North Washington St., Rockville, Md. 20850 Ph: 301-340-5737 Internal: 8*273-5737 Fax: 301-340-4005 Adam.Safier () geis ge com http://www.geis.com The opinions above may not be shared by my employer. ---------------
-----Original Message----- From: Edward Cracknell [SMTP:edward () securIT net] Sent: Monday, December 01, 1997 2:44 PM To: Firewall Wizards (Marcus J. Ranum's new moderated mail list) Subject: Firewalls/Internet Security - TNG So, firewall development is slowing/stopped. Intrusion detection is the future.....then where? Always looking a few steps ahead, there are some great intrusion detection products around. Still the intelligence to configure the filters, or interpret the output is required, but what about 'Remote Security Management'? What I explicitly mean by this is a VERY trusted third party receiving and responding to alerts via a secure link to the internal LAN. Customer worries like keeping up to date, knowing what is an intrusion pattern etc. are removed. The customer has a 'team' of experts for the price (annual fee) of one guy/gal. Surely this approach has real merit to all involved? Especially the customer. Looking forward to your comments ----------------------------------------------------------------- Edward Cracknell - <edward () SecurIT net> Independent Consultant with a cool domain-name!
Current thread:
- Firewalls/Internet Security - TNG Edward Cracknell (Dec 01)
- Re: Firewalls/Internet Security - TNG Ted Doty (Dec 03)
- Re: Firewalls/Internet Security - TNG Larry J. Hughes Jr. (Dec 03)
- Re: Firewalls/Internet Security - TNG Frank Willoughby (Dec 03)
- Re: Firewalls/Internet Security - TNG Marcus J. Ranum (Dec 08)
- Re[2]: Firewalls/Internet Security - TNG Edward Cracknell (Dec 09)
- Re: Firewalls/Internet Security - TNG Fred Donck (Dec 11)
- <Possible follow-ups>
- RE: Firewalls/Internet Security - TNG Safier, Adam (GEIS) (Dec 03)
- RE: Firewalls/Internet Security - TNG Wright, Steven (Dec 09)
- Re[2]: Firewalls/Internet Security - TNG Rick_Giering_at_mpg003 (Dec 11)
- Re: Re[2]: Firewalls/Internet Security - TNG Joseph S. D. Yao (Dec 11)
- Re: Re[2]: Firewalls/Internet Security - TNG Rudolf Schreiner (Dec 12)
- Re: Re[2]: Firewalls/Internet Security - TNG Joseph S. D. Yao (Dec 11)