> I am assuming that:
> a/ The administration mechanism is secure enough for your
> security policy
> b/ The hired administrators are trustable (according to your
> security policy)
> c/ The hired administrators are more capable/cheaper than
> the in-house talent.
> It is my opinion that out-sourcing your firewall and i-net
> connection makes a lot of sense for companies w/ 20-5000 people.
> Building the expertise to manage a firewall 24x7 is moderately
> intense. Companies such as Pilot, Exodus, INS, Netsolve can do
> this far more efficiently, and, ideally, at a higher quality of
> service, than in-house groups.
> As such, I see them, under the proper circumstances, as a win-win
I do not concur with that. I have all too often seen ISPs doing FW with
good stuff, good people and bad policy. I have even seen (soooo often) a single
FW protecting the ISP connection, such as
    <Internet> ---- <ISP Fwall> --- ISP client 1
                                --- client 2...
Meaning, of course, that the ISP does leverage its fwall investment because
the same system is used to protect all its clients.
First, not all clients have the same constraints, so this cannot be used. It
Secondly, even if all had the same constraints, what prevents one client from
attacking another one? We're all behind the same fwall, we're blind-trust and
security-light because this is our ISP's problem, we pay him for that.
Hell, for 50$ I can subscribe for a Dialup to this ISP and then I am _free_
to attack all his clients. That is an interesting functionality...
-+-+ Pierre-Yves BONNETAIN (aka Pyb)
B & A Consultants - PROXIMA - Rue des Pyrénées
31330 Grenade-Sur-Garonne - FRANCE
Tel : 05.62.79.32.61 - Fax : 05.61.82.42.21
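
Added example, not part of the original message: a small topology audit that lists which other hosts can reach each protected client without crossing a firewall, run on the shared-firewall layout drawn above and on a per-client layout for comparison. All node names and both topologies are constructed, and a firewall is assumed to be a point where policy is enforced on anything that crosses it.

```python
from collections import deque

def unfiltered_peers(links, firewalls, protected, hosts):
    """For each protected host, list the other hosts that share a path to it
    which never crosses a node in `firewalls` (i.e. no policy is applied)."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)

    def reachable(src):
        seen, queue = {src}, deque([src])
        while queue:
            node = queue.popleft()
            for nxt in adj.get(node, ()):
                # Assumption: a firewall filters everything crossing it,
                # so the walk stops there instead of passing through.
                if nxt in seen or nxt in firewalls:
                    continue
                seen.add(nxt)
                queue.append(nxt)
        return seen

    return {p: sorted(h for h in hosts if h != p and h in reachable(p))
            for p in protected}

HOSTS = ["internet", "client1", "client2", "dialup"]   # constructed names
CLIENTS = ["client1", "client2"]

# Layout from the message: one ISP firewall in front of every customer,
# with a dial-up subscriber landing on the same inside segment.
SHARED = [("internet", "isp_fw"), ("isp_fw", "isp_lan"),
          ("isp_lan", "client1"), ("isp_lan", "client2"), ("isp_lan", "dialup")]

# Comparison layout (constructed): each client sits behind its own firewall.
PER_CLIENT = [("internet", "isp_core"), ("isp_core", "dialup"),
              ("isp_core", "fw1"), ("fw1", "client1"),
              ("isp_core", "fw2"), ("fw2", "client2")]

def audit_shared():
    return unfiltered_peers(SHARED, {"isp_fw"}, CLIENTS, HOSTS)

def audit_per_client():
    return unfiltered_peers(PER_CLIENT, {"fw1", "fw2"}, CLIENTS, HOSTS)

if __name__ == "__main__":
    print("shared firewall:    ", audit_shared())
    print("per-client firewall:", audit_per_client())
```

In the shared layout every client is reachable, unfiltered, by the other client and by the dial-up subscriber; in the per-client layout both lists are empty.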