Firewalls: RE: Cost of implementing a firewall

Firewalls
(August 1995)

Indexed By Thread: [Previous] [Next]

Subject:	RE: Cost of implementing a firewall
From:	"Maiwald, Eric" <maiwalde @ nasd . com>
Date:	Fri, 04 Aug 95 08:43:00 PDT
To:	Firewalls List <firewalls @ greatcircle . com>
Encoding:	67 TEXT

>Hello:
>For those of you who have implemented a commercial firewall package I would
>appreciate if you could share your experiences as to how much resources 
does
>it
>take to administer it, hardware costs, and looking back what do you think 
you
>think you ended up paying (including hidden costs and manpower.)? 
 According
>to the vendors it takes very little to administer it but I would really 
like
>to
>get your viewpoint - especially when I am talking about thousands of users.
>Regards
>Vivek

Vivek,

In a previous life I had the job of setting up and administering several 
commercial
firewalls.  They were all from the same vendor.  In general, the hardware 
and
software costs are not hidden.  They are well defined and they vary.  To 
give you
an idea using two commercial products - TIS sells their Gauntlet system with 
the
platform for about $15k.  At the other end, ANS will lease their system with 
a platform
for something over $20k per month (they also sell it but the numbers on that 
escape
me).  The choice of the initial cost and vendor have a lot to do with how 
you will use
the system.

Administering the system will also depend on how you will use it.  If you 
are planning
to set it up and let it run with no outgoing user authentication, it is not 
very time consuming
once you are up to speed.  If every internal user requires an ID/PW then you 
have to
figure out how many changes (adds, deletes, modifies) you will have per 
week.  Depending
on the system, you may have to add/delete accounts, help users with 
forgotten passwords,
and add mail entries for incoming/outgoing mail.  In short, it becomes a 
system
admin job for some number of users.

Another part of the costs deals with the review of the audit logs.  I 
considered this part
of my job to rather important and I examined the logs each morning. 
 Depending on
the traffic of the previous day, it could take me five minutes or two hours.

I hope this is helpful for you.

Eric

 ------------------------------------------------------------------
Eric Maiwald                                     maiwalde @
 nasd .
 com
Senior Information Security Specialist
National Association of Securities Dealers

          All opinions are my own and do not necessarily
          represent the views of my employer.
 ------------------------------------------------------------------

Indexed By Date	Previous:	(fwd) Cisco Security Advisory (July 31, 1995) From: paul @ hawksbill . sprintmrn . com (Paul Ferguson)
Indexed By Date	Next:	Re: Job Openings in TIS Firewalls Group (BRIEF) From: mht <mht @ shore . net>
Indexed By Thread	Previous:	Cost of implementing a firewall From: MAHAJAN_VIVEK @ tandem . com
Indexed By Thread	Next:	Re: IPWatcher (Where to get it) From: ppi @ rpdata . com . au