I have a practical question which I would like to pose to others on this list.
In the year or so that I have been lurking on Firewalls, I have heard a great
deal of discussion which leads me to believe that most people on this list must
have far more time on their hands than I do. Various individuals have
mentioned that they take regular time out of their day to perform in-depth
reviews of firewall logs, or that they are in the process of rewriting some
piece of network software they don't care for.
As an in-the-trenches network manager, I find myself wondering what the
difference is between these individuals' job descriptions and my own. Between
ordering and configuring new systems, tracking down the latest wiring problems,
redesigning our internal network, and trying to keep my programming skills from
getting *too* rusty, I barely have time to catch my morning coffee, much less
try to review the last 24-hours of dial-in logs.
I understand that a number of people on this list are security professionals
rather than network managers, but I'd like to hear from those who *are*
responsible for the day-to-day administration of small-to-medium-size
networks. How realistic is it for network managers to be able to take the sort
of labor-intensive security steps that are advocated here? In addition, how
*necessary* is it? If I'm not able to dedicate these sorts of resources, how
big a hole am I opening up for myself? I'm well aware that if somebody really
*wanted* to break into our network, they could (there are a thousand ways; the
Internet is the least of my concerns, frankly): I'm more concerned about how
likely it is that they *will*. (We're in the process of establishing our first
dedicated connection to the Internet: it'll be well firewalled, but I know
that's a long ways from a complete security solution.)
I'd appreciate any comments or thoughts.
MIS Operations Manager
Independent National Mortgage Corporation