RE: Managed Firewall Service - Opinions

["Melson, Paul" <PMelson () sequoianet com>]

Ron,

I would hope that most, if not all, managed service providers would
advise against perceptibly risky firewall change requests, otherwise
what's the purpose of outsourcing to experts?  Risk analysis should be
part of any security service provided by a third party.  In the same
vein, what good is a managed IDS or a VA if the engineer performing the
work can't identify the risks to their customer?  That doesn't seem like
a valuable service to me.  Just my $0.02.

PaulM

-----Original Message-----
From: R. DuFresne [mailto:dufresne () sysinfo com]
Sent: Thursday, April 17, 2003 11:10 PM
To: Duncan Sharp
Cc: Melson, Paul; firewall-wizards () honor icsalabs com
Subject: Re: [fw-wiz] Managed Firewall Service - Opinions



Most MSSP's will put into place the rules that your site asks for.
This seems to mitigate the issue of whom is at fault for a breach based 
upon configuration.  Now they <the MSSP> are 'supposed' to be the
professionals, but, how many will actually caution the client when they
want to make the rulebae turn their firewall into a router, or simply
impliment a rule or two that are not considered 'safe' or secure?
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards