Home page logo

basics logo Security Basics mailing list archives

Re: Evaluating the security level of a firewall
From: "Meritt James" <meritt_james () bah com>
Date: Tue, 27 May 2003 12:37:38 -0400

James Fields wrote:

It's not a matter of Nessus or any other tool being "good enough" - the
point goes back to what you friend said about being too busy.  I have a
limited number of hours per weeks.  I manage 8 firewalls, numerous IDS
sensors and maintain about 50 VPNs for my company.  I also am part of a team
responsible for managing our routers, switches, etc.  I do not have time to
research, on a regular basis, everything going on in the industry.

I've been told some companies hire security people who do nothing else - but
I've yet to work at such a place, and can't say what it would be like...

Sounds like someone does not do a very good job of prioritization or
allocation of resources.  What is the problem, not how do you handle a

James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]