(Mariko Yashada's question was: value of, components of 3rd party
management of firewalls)
(most of Bob LeBlanc's discussion of 3rd party issues elided)
>What standard services does the third party perform? You (the customer)
>must have the ability to sit with the third party and "design a
>unique-to-you" security service. YOU must be able to determine the
In my experience, a productive 3rd party "value add" is having the
"stated policy" of the firewall verified periodically-- and keeping this
audit-type function in the hands of a party other than the firewall
admin is a wise thing.
We've found that what many sites _believe_ they have implemented as a
policy is remarkably different from what is actually happening on the
wire. MJR's quote about "seatbelts worn around the neck" applies.