Re: Firewall Administration

["Larry J. Hughes Jr." <larry () nwnet net>]

>    The trust issue is really important here. I have already seen (several
> times, but not enough to generalize, thanks God) small-to-medium ISPs with,
> say, critical staffing when related to security (1 or 2 guys max). Those guys,
> being not that all dumb, gets offered better positions elsewhere (things like
> that happen, as you well know) or are subcontracted to help some client.
>    And who gets the firewall admin after they leave ? Well, often someone else
> who has just fiddled with the proper GUI, etc. Or noone. You (the client) get
> stuck.

Ironically, this is exactly one of my arguments *for* a managed firewall
service.  Let the provider worry about staffing the security professionals
and all the headaches that go with it, so the company can concentrate on
its core business. 

You gotta figure -- if the customer ever gets inferior security service
from an outside provider, it'll only happen once.  After that the provider
loses the business.  The provider should know that in advance and be
losing lots of sleep over it every day.

(This is not to say that any ISP is properly equipped to provide security
services and consulting.  In my experience the vast majority are not.) 

Also consider the following -- would serious security professionals rather
be working for a single small or medium sized business whose core is
making widgets -- or one that provides security services to multiple
customers?  I figure retention is better in the latter due to the interest
factor alone.  A small to medium sized business is often lucky to find a
good networking person, let alone one who is sufficiently expert in
security matters.

---
Larry J. Hughes Jr.    larry () nwnet net     http://www.nwnet.net/~larry/