Firewall Wizards mailing list archives

Best practices for outsourcing firewall management
From: "Dawes, Rogan (ZA - Johannesburg)" <rdawes () deloitte co za>
Date: Fri, 25 Apr 2003 11:13:56 +0200

Hi all,

I have an international client that intends to implement a multi-point
internet gateway strategy. The individual gateways are connected to each
other using their company WAN (as well as the Internet, obviously). Each
gateway will be implemented from the same "template".

Given that they don't have significant firewall skills in-house, and do not
desire to develop them, they wish to outsource the operation and management
of these gateways to one or more "Gateway operators".

My proposal to them has been along the following lines:

* Internal company managed policy setting, and change control process
* Outsourced Managed Security Service Provider (e.g. Counterpane, IBM Global
Services, etc)
* Regional Gateway operators (regional telco, other large ISP, etc. NOT the
same as the MSSP)

The process would be something like:

* division in the company identifies a need for a change to the gateway
(e.g. allowing a new service, putting a new machine in the gateway
infrastructure, etc)
* the MSSP consults on the potential impact that this could have in terms of
security, (including discussion with the Gateway Operator)
* the MSSP ultimately instructs the Gateway Operators to perform the
accepted change.
* The Gateway operator implements the change.
* The MSSP reviews the changes made to the infrastructure, to ensure that
what changed was what was approved.

The MSSP would be responsible for ensuring the security of the company's
internet gateways as a whole.
The Gateway operators would be responsible for ensuring functionality of the
infrastructure (uptime, availability, continuity of traffic flows, etc)

Day to day operational changes (tweaking performance, etc) would be done
between the Gateway Operator and the MSSP using whatever change control
processes are applicable between those organisations, with no involvement
from the client.

There are a couple of questions here:

Does this seem like a reasonable model that would provide effective service
and security to the client?

What monitoring and reporting do you think the client would require to
ensure that they are receiving an effective service?

So far, I have:

Uptime, throughput, bandwidth utilisation (from Gateway Operator)
Incident reports (from MSSP)
Change reports (from MSSP)
IDS reports (from MSSP)

External/Internal Audit of gateways (3rd party, to check that the MSSP is
doing a good job, e.g. annually)

Any others?

Final question for bonus points :-) 

What is the best way of failing over between gateways, to provide a
redundant service offering? The company WAN is reasonably high bandwidth
(2-8 MB pipes) between the gateways (North and South America, Europe,
Africa, Australia, Asia).

Major services requiring failover are mail, HTTP browsing, FTP, etc.

Thanks in advance!

Rogan
-- 
"Using encryption on the Internet is the equivalent of arranging an 
armored car to deliver credit card information from someone living 
in a cardboard box to someone living on a park bench."
  - Gene Spafford
-- 
Deloitte & Touche Security Services Group
Tel: +27(11)806-6216     Fax: +27(11)806-5202     Cell: +27(82)784-9498
-- 
NOTE: This e-mail message and its attachments are subject to the disclaimers
      as published at: http://www.deloitte.co.za/disc.htm#emaildisc

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

