RE: Firewalls/Internet Security - TNG

["Safier, Adam (GEIS)" <Adam.Safier () geis ge com>]

My take on Remote Security Management sees your angle as only a small
part of a spectrum.  How do you apply a couple of the experts or tools
you talk about in your note to 200-1000 businesses and how do you keep
1000 policies from getting applied to the wrong firewall, Network Access
Server (NAS) or NFR agent?  When you do get an alarm how do you make
sure you notified the correct customer?  

I guess that brings up a good point - what is the definition of managing
a secure system, especially as a service - The AI to interpret the
results VS. the AI to organize the data and possibly make it meaningful
to select end users.  In a way I think it is both, starting with your AI
on interpreting attack patterns and then moving to policies control and
distribution, alarm and report distribution and proper customer
etiquette by service provider employees.

What's needed is a nice database with very pretty, but complete, GUI
front end and a remote security device MIB with secure transport and
authentication.  Yes, I do play Lotto on occasion despite the long odds.

Thanks for bringing up the issue.
Adam

P.S. Should this list be called firewall wizards or would Internet
Security Wizards or some such be better, especially considering NFR and
the many other area's of security that are popping up?

---------------
Adam Safier,  Network Engineering Security Consultant
GE Information Services, Inc.
401 North Washington St., Rockville, Md. 20850
Ph: 301-340-5737    Internal: 8*273-5737   Fax: 301-340-4005
Adam.Safier () geis ge com        http://www.geis.com

The opinions above may not be shared by my employer.
---------------

> -----Original Message-----
> From: Edward Cracknell [SMTP:edward () securIT net]
> Sent: Monday, December 01, 1997 2:44 PM
> To:   Firewall Wizards (Marcus J. Ranum's new moderated mail list)
> Subject:      Firewalls/Internet Security - TNG
>
> So, firewall development is slowing/stopped. Intrusion detection is
> the
> future.....then where?
>
> Always looking a few steps ahead, there are some great intrusion
> detection products around. Still the intelligence to configure the
> filters, or interpret the output is required, but what about 'Remote
> Security Management'?
>
> What I explicitly mean by this is a VERY trusted third party receiving
> and responding to alerts via a secure link to the internal LAN.
> Customer
> worries like keeping up to date, knowing what is an intrusion pattern
> etc. are removed. The customer has a 'team' of experts for the price
> (annual fee) of one guy/gal.
>
> Surely this approach has real merit to all involved? Especially the
> customer.
>
> Looking forward to your comments
>
> -----------------------------------------------------------------
> Edward Cracknell - <edward () SecurIT net>
> Independent Consultant with a cool domain-name!