on 11/18/08 10:41 PM, [EMAIL PROTECTED] said:

> however to do this we need to be able to show that other similar
> organizations don't work this way. I know that many of our customers don't
> work this way, because when we need to coordinate changes to their
> firewalls we get told SLAs along the lines of firewall changes are done
> one day a week to one day a month, with all changes needing to be
> submitted at least a week prior to the implementation date.

At $WORK, we have some firewall blades for critical systems, but everything else is protected with simple rules on the routers, or by putting machines in various networks that are only routable on-campus. And they are very, very resistant to making any kind of router rule type of firewall change, and of course the firewall blades only protect a small subset of the systems on the networks. We use TCP-Wrappers and host-level firewalling as much as we can. As a rule, we can't really depend on any network-level of firewalling.

On campus, the central networking group is only responsible for the WAN, DNS, etc... and they don't do firewalls. LAN networking is the responsibility of the various local IT support groups in their respective buildings, although they do so on the basis of recommendations from the central networking group. We can get local networking changes made within a few days, but they don't have a ticketing system -- you send them your requests by e-mail, and you hope that you get a response.

We don't generally interact with the central networking group for DNS changes, because we have three people who actually have direct access to the zone files and the domain administration tools, and one of them actually wrote the tools back when he had that job himself. But when we do need to interact with them, they have a central ticketing system based on rt. And they generally give pretty good response times, although there aren't any SLAs that I know of.

But then we're a public research University, and maybe you should be doing something better. ;-)

--
Brad Knowles <[EMAIL PROTECTED]>
LinkedIn Profile: <http://tinyurl.com/y8kpxu>

_______________________________________________
Discuss mailing list
[email protected]
http://lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/
