Firewall Wizards mailing list archives
RE: Managed Firewall Service - Opinions
From: Dave Piscitello <dave () corecom com>
Date: Mon, 21 Apr 2003 13:24:56 -0400
At 11:02 AM 4/21/2003 -0400, PMelson () analysts com wrote:
Excellent point. This example, which is probably fairly common, illustrates how risk management can never be 100% outsourced and requires a good deal of trust between the customer and the MSSP.
Agreed.
Unfortunately for MSSP B, to refuse their customers' requests, regardless of reason, is likely business suicide. On the other hand, if the customer has decided to outsource security services from a company and then ignores their recommendations, then I have to question the customer's commitment to security in the first place.
My experience has been that small organizations (under $25M) are too ill-informed about security to have the commitment you might consider appropriate.
From outward appearances, it seems that security awareness and the willingness to take the extra measure aren't growing as fast as the population of organizations that are willing to remain ill-informed.
Of course, what's the alternative? If the 3rd-party product vendor has no security commitment, then instead of allowing Telnet, do they hang a $60 modem off a serial port somewhere? Is that any better?
Well, we could begin a thread on SSH (I recommended this, and it turns out that Company B did indeed adopt this about a year later).
Ideally, these issues are addressed in the planning and selection phases of the project and the 3rd-party vendor agrees to abide by the customer's security requirements before anything is ever installed or paid for.
There's a huge vacuum between the "Ideal" and "I deal" worlds...
David M. Piscitello
Core Competence, Inc. & 3 Myrtle Bank Lane
Hilton Head, SC 29926
dave () corecom com
843.689.5595
www.corecom.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards