
Re: Managed Security Services

Subject: Re: Managed Security Services
Date: Tue, 07 Dec 2004 19:55:08 +0100
James McGee wrote:

> Hi
>
> My current client had an audit requirement to implement an IDS infrastructure a while ago, so they did, along with an any-any-any allow firewall!

You can probably argue if the term "firewall" still applies to that device anymore.

> They did not have the skills in house so outsourced this to a 3rd party.

If they had an allow-all firewall, what did they need to outsource?
You can use a Netgear router for this. ;-)

> This went fine, until I came in and the first thing I did was to remove the any-any-any allow, and start putting in a proper rulebase.
>
> The thing is, the number of changes we now have to make to the firewalls makes the managed service seem pointless. We are putting more than enough work for at least one FTE their way and are paying for changes on an hourly basis (expensive!)
>
> Does anyone have any numbers available for when outsourcing a security service is viable and when it should be done in house?

That depends on a lot of factors; "size of the rulebase" wouldn't be one in my equation though. At least not very high on the list.
What size is the company? How many FTEs does the IT department have? Can they hire/train a 2nd FTE to do the job, in case the first one is sick or hit by a bus?
Do they have any skillz in that area at all?
The problem is: companies that don't have any skillz in an area and outsource it get shafted by their outsourcer, one way or another, pretty often.
Do they at least also monitor the logs and send out alerts 24x7?
What does the SLA say about response times?

> I know there are dozens of variables here, but the general question is how static should your rulebase be before you outsource the management of it (well, the hardware, software and support)?

I don't think I understand this sentence.
Changes in the ruleset should be trivial to make, provided you use decent firewall management software - but you are right: you should be able to propose a decent ruleset when starting with the service.
If the ruleset is changing too often, it could be a sign of bad policy/design of the network.




cheers,
Rainer
