Firewall Wizards mailing list archives
Re: Managed Firewall Service - Opinions
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Thu, 17 Apr 2003 23:09:43 -0400 (EDT)
Most MSSP's will put into place the rules that your site asks for. This seems to mitigate the issue of whom is at fault for a breach based upon configuration. Now they <the MSSP> are 'supposed' to be the professionals, but, how many will actually caution the client when they want to make the rulebae turn their firewall into a router, or simply impliment a rule or two that are not considered 'safe' or secure? Thanks, Ron DuFresne On Thu, 17 Apr 2003, Duncan Sharp wrote:
"Melson, Paul" wrote:To be fair, any security services company with a half-way decent legal department will require some level of disclaimer like this in their SLA, or any contract for that matter. You're asking too much if you want to pay a vendor $15K-$20K/yr and expect them to pay 10x to 100x that back if there's a security incident. I can't think of any industry where a vendor assumes that level of risk. That doesn't mean you can't still sue them, though, if you feel their was negligence or incompetence on their part.Paul; I can think of at least two service areas: 1: Rent-a-guards, where either the guards are bonded or the guard service is insured. 2: Offsite tape {data,document} storage providers. Where the employees are bonded. Hopefully the company offers insurance as an option. It would seem to be prudent to offer some sort of performance penalty in the contract, than to leave the outsourcing company exposed to unlimited damages. In other words offer the customer upto 10x the yearly service fee in verified damages. One additional item of consideration of inhouse vs. outsource: If the inhouse employee(s) fail, I can feel the satisfaction of firing them. This best works for a "at will employee in the US". If the outsourcer fails, I can feel the satisfaction of [???? ???? ????]. Yours, Duncan Sharp-----Original Message----- From: Jeffery.Gieser () minnesotamutual com@AICNOTES Sent: Thursday, April 17, 2003 11:39 AM To: firewall-wizards () honor icsalabs com Cc: Fiamingo, Frank Subject: Re: [fw-wiz] Managed Firewall Service - Opinions[...snip...]4. They usually force you to sign an agreement stating they are not resposible for any security incident at your site even if it results from a configuration mistake that they made on your firewall._______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Managed Firewall Service - Opinions Fiamingo, Frank (Apr 17)
- Re: Managed Firewall Service - Opinions Paul Robertson (Apr 17)
- RE: Managed Firewall Service - Opinions Paul Stewart (Apr 17)
- RE: Managed Firewall Service - Opinions Paul Robertson (Apr 17)
- <Possible follow-ups>
- Re: Managed Firewall Service - Opinions Jeffery . Gieser (Apr 17)
- RE: Managed Firewall Service - Opinions Melson, Paul (Apr 17)
- RE: Managed Firewall Service - Opinions Melson, Paul (Apr 17)
- RE: Managed Firewall Service - Opinions Paul Robertson (Apr 17)
- Re: Managed Firewall Service - Opinions Joseph S D Yao (Apr 19)
- Re: Managed Firewall Service - Opinions Duncan Sharp (Apr 17)
- Re: Managed Firewall Service - Opinions R. DuFresne (Apr 18)
- Re: Managed Firewall Service - Opinions Mike Scher (Apr 18)
- PIX Config Problem Paul Stewart (Apr 22)
- RE: Managed Firewall Service - Opinions Paul Robertson (Apr 17)
- Re: Managed Firewall Service - Opinions Mike Hoskins (Apr 18)
- Re: Managed Firewall Service - Opinions R. DuFresne (Apr 19)
- Re: Managed Firewall Service - Opinions Mike Hoskins (Apr 19)
- Re: Managed Firewall Service - Opinions R. DuFresne (Apr 19)
- RE: Managed Firewall Service - Opinions Behm, Jeffrey L. (Apr 19)
- RE: Managed Firewall Service - Opinions Melson, Paul (Apr 21)
- RE: Managed Firewall Service - Opinions Dave Piscitello (Apr 21)
- RE: Managed Firewall Service - Opinions Mark Tinberg (Apr 25)
- RE: Managed Firewall Service - Opinions Paul D. Robertson (Apr 21)
- RE: Managed Firewall Service - Opinions Dave Piscitello (Apr 21)
(Thread continues...)