Firewalls: RE: ISP Connection (mainly 3rd party FW services)

Firewalls
(June 1997)

Indexed By Thread: [Previous] [Next]

Subject:	RE: ISP Connection (mainly 3rd party FW services)
From:	Jonathan McCown <JMCCOWN @ ncsa . com>
Date:	Tue, 10 Jun 1997 08:34:53 -0400
To:	"'firewalls @ GreatCircle . COM'" <firewalls @ GreatCircle . COM>, "'BLeBlanc @ igate . sprint . com'" <BLeBlanc @ igate . sprint . com>

(Mariko Yashada's question was: value of, components of 3rd party
management of firewalls)
(most of Bob LeBlanc's discussion of 3rd party issues elided)
>
>[Bob noted]
>What standard services does the third party perform?  You (the customer)
>must have the ability to sit with the third party and "design a
>unique-to-you" security service.  YOU must be able to determine the
>rules.  

In my experience, a productive 3rd party "value add" is having the
"stated policy" of the firewall verified periodically-- and keeping this
audit-type function in the hands of a party other than the firewall
admin is a wise thing.   

We've found that what many sites _believe_ they have implemented as a
policy is remarkably different from what is actually happening on the
wire.  MJR's quote about "seatbelts worn around the neck" applies.

- Jon

Indexed By Date	Previous:	Re: Stateful Packet Filters vs. Proxies From: Darren Reed <avalon @ coombs . anu . edu . au>
Indexed By Date	Next:	RFC for Ports From: Basil McCrea <mccrebsi @ ina . de>
Indexed By Thread	Previous:	Again out of topic...sorry From: Cihan Subasi <csubasi @ garanti . com . tr>
Indexed By Thread	Next:	RFC for Ports From: Basil McCrea <mccrebsi @ ina . de>