Richard M. seems to have written:
>
> I'm looking for opinions on the best organizational location for
> firewall administration and support staff, when the "firewall" is
> composed of both routers and unix boxes.
>
> Do you think this function fits better in a network support group,
> unix support group, security group, or some other group?
>
Whenever possible, this function should be, as Padgett puts it,
"badged to security". This properly compartmentalizes the function
and tends to avoid conflicts of interest. The security dudes may need
support from both the Unix weenies and the network nerds, but should
control the keys to their own boxes. I think you'll tend to get this
perspective both from experienced security practitioners and internal
auditors.
Pragmatically, it may not be possible resource-wise to do this in some
organizations (I wear both the systems planning/architecture and security
hats here but keep at arms' length from systems administration other than
security-dedicated platforms). In that case, IMO, it's a tossup: the
Unix guys will tend to understand the proxies and stuff better, but the
network guys will have a better grasp of the underlying protocols and
net traffic.
--
W.C. Epperson "I have great faith in fools.
Senior SE Self-confidence, my friends call it."
Information Security Officer --Edgar Allan Poe--
DBA Emeritus
Curmudgeon-for-Life
Virginia Dept. of Education
epperson @
pen .
k12 .
va .
us
References:
|
|
