> Having gone through the process of selecting a firewall to protect our
> network from a leased-line connection to an ISP, I have been told that
> we are now considering using a managed service, whereby an ISP runs
> What is the lists opinion of this? Personally I do not like the idea
> of FMing out our security. Does anyone have any experience of such a
This is an interesting question, and one that I've encountered more than once
now. My personal opinion is "DON'T DO IT!", but that assumes (as someone else
has already pointed out) that the necessary knowledge exists in-house to
compentently manage a firewall. Firewalls (define firewall :) are improving
all the time, and getting easier to manage: nobody needs help to follow
my train of thought.
However, I'd like to change the question a bit and see who bites :-)
In the UK a new British Standard has recently (ish) sprung into life: BS7799.
It's loosely called a code of practise for information security: it's only
a code of practise because the thorny issue of getting certified to 7799
hasn't really been sorted yet. (If anyone cares to haul me up on that point,
feel free, I'd love to know.)
Would any of the UK folk here like to comment on whether or not FMing one's
security sits at all happily with the paranoid stance that BS7799 adopts?