Great Circle Associates Firewalls
(March 1996) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re[2]: Firewall organizational opinions?
From: Don_Tompkins @ esd . tracor . com
Date: Thu, 21 Mar 1996 19:26:36 -0500
To: firewalls @ GreatCircle . COM, "W.C. Epperson" <epperson @ vak12ed . edu> 
     
Interesting perspective... but I would tend to disagree and place the emphasis 
on 'administration' which depending on organizational talent might fall better 
into the 'network' or the 'unix' support groups. This view arises from the idea 
that 'security' group is responsible for insuring approriate policy, procedures,
and administration are implemented. As you point out, resources [as well as 
organization roles and structures] may lead to a different arrangement.   

______________________________ Reply Separator _________________________________
Subject: Re: Firewall organizational opinions?
Author:  "W.C. Epperson" <epperson @
 vak12ed .
 edu> at ESD
Date:    3/21/96 10:55 AM


Richard M. seems to have written:
> 
> I'm looking for opinions on the best organizational location for 
> firewall administration and support staff, when the "firewall" is 
> composed of both routers and unix boxes.
> 
> Do you think this function fits better in a network support group, 
> unix support group, security group, or some other group?
> 
Whenever possible, this function should be, as Padgett puts it, 
"badged to security".  This properly compartmentalizes the function 
and tends to avoid conflicts of interest.  The security dudes may need 
support from both the Unix weenies and the network nerds, but should 
control the keys to their own boxes.  I think you'll tend to get this 
perspective both from experienced security practitioners and internal 
auditors.
     
Pragmatically, it may not be possible resource-wise to do this in some 
organizations (I wear both the systems planning/architecture and security 
hats here but keep at arms' length from systems administration other than 
security-dedicated platforms).  In that case, IMO, it's a tossup:  the Unix 
guys will tend to understand the proxies and stuff better, but the network 
guys will have a better grasp of the underlying protocols and
net traffic.
     
--
W.C. Epperson			"I have great faith in fools. 
Senior SE                        Self-confidence, my friends call it." 
Information Security Officer             --Edgar Allan Poe--
DBA Emeritus
Curmudgeon-for-Life
Virginia Dept. of Education	        
epperson @
 pen .
 k12 .
 va .
 us
Indexed By Date Previous: Re: Cooking a firewall benchmark...
From: mdr @ vodka . sse . att . com
Next: A bit of levity for a cold, grey Tuesday
From: Administrator @ aesprodata . com . au
Indexed By Thread Previous: Re: Firewall organizational opinions?
From: "W.C. Epperson" <epperson @ vak12ed . edu>
Next: Re: Firewall organizational opinions?
From: Greg Skinner <gds @ best . com>
Google
 
Search Internet Search www.greatcircle.com