Re: Firewall Administration

[Bennett Todd <bet () rahul net>]

On Tue, Oct 14, 1997 at 04:20:07PM +0200, Rudolf Schreiner wrote:
> > [Firewall managed by ISP]
> [...] But even if the ISP has the necessary know how there's still
> a big conflict of interests: The ISP is mainly interested that the
> customer uses the Internet as much as possible, because that's $$$
> for him. I don't think this is the customer's top priority...

There _can_be_ a conflict of interest; there isn't necessarily one.
I can fantasize about an ISP who is mainly interested in giving
the best possible service to their customers, with an emphasis on
appropriate security. Heck, I can even think of one or two. This
sort of thing is of course a matter of attitude on the part of the
management of the ISP, and that's (depressingly) subject to change
without notice; some of the most loathesome vermin I've ever heard
of in the business have bought out a couple of small but nice ISPs,
gutted their operations, left a burnt wasteland with abandoned users
behind, and gone on. Worse yet they still aren't out of business,
though their reputation has gotten spread about enough that they
seem to have stopped growing at least.

In the short term ``I want maximum profits this month and to &*#
with my users'' can survive and prosper for a while, until the
available market of victims wises up. Eventually that attitude
corrects itself, though like all ``natural selection'' type controls
it happens with excessive pain and suffering inflicted on
individuals.

I wouldn't have _my_ firewall managed by an unrelated organization.
For a small company that couldn't afford their own administrator, I
might set up a small ``fire-and-forget'' unmaintained unsupported
firewall (see adjacent thread:-) and then let them (attempt to) back
that up with a supported managed firewall from their provider,
outside their own firewall.

-Bennett