I've been a bit concerned regarding firms which offer security monitoring as a 
service. I admit I have done very little research regarding how these firms implement 
the services they offer:

AFAIK, in order to REALLY implement such a service, the organization (their client) is 
having to concede certain elements of security. For example, if I want them to monitor 
both the DMZ, the internal network and protected hosts, they will have to devise a way 
to have their console(s) communicate to whatever "monitoring agents" (for the hosts) 
or "monitoring detectors" (for the internal network) they have installed. (Or 
vice versa.) From what I understand, they (agents and detectors) would have to 
communicate via modem or, more probably, the Internet. Firewalls would have to be 
configured accordingly, in order to allow this communication to take place. Aren't 
organizations then inherently compromising security to accommodate these services which 
are offered? Further, they may not use the default ports (created by default) for 
these agents/detectors. However, they probably use their own standard port assignments 
which may be the same across many different organizations (their clients). Knowing 
this, would that not make all of their clients equally vulnerable?

>>> "Behm, Jeffrey L." <[EMAIL PROTECTED]> 08/22/00 03:05PM >>>
>From: Adam Pendleton [mailto:[EMAIL PROTECTED]] 
>positions, the total number of jobs that need filling are less than the
>total would be if each company was doing security in-house.

but it's in my blood to trust no one <except of course _everything_ I read
in mailing lists ;-)>
how am I gonna trust some company that is in business for two reasons:
1) make money, and 2) provide a _security_ service, IN THAT ORDER.

Jeff

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

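The firewall choice the post raises, modelled as an added example (this is not code from the thread or from any monitoring vendor): a managed-monitoring vendor's host agents and network detectors need a path to the vendor's console, and the question is how that path is opened. The script evaluates a small first-match rule set three ways: the weak form (the vendor's fixed agent port allowed inbound from the whole Internet, which is exactly the shared-exposure case the post worries about), a hardened form where agents only dial out to the collector, and a fallback where inbound is permitted but pinned to the vendor's own address range. It also includes a simple audit check that flags inbound allow rules on the agent port whose source is wider than the vendor. The port number 5140, the 203.0.113.0/24 vendor range, the 10.0.0.0/8 internal network and all probe addresses are constructed for the example and stand in for whatever a real vendor assigns.

```python
"""Firewall-policy model for monitoring-agent connectivity (constructed example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List


@dataclass(frozen=True)
class Rule:
    action: str        # "allow" or "deny"
    direction: str     # "in" = toward the monitored network, "out" = leaving it
    src: str           # CIDR the packet's source address must fall within
    dst_port: int      # 0 means any destination port
    proto: str = "tcp"


@dataclass(frozen=True)
class Packet:
    direction: str
    src_ip: str
    dst_port: int
    proto: str = "tcp"


def first_match(rules: List[Rule], pkt: Packet) -> str:
    """First-match evaluation with an implicit default deny at the end."""
    for r in rules:
        if r.direction != pkt.direction or r.proto != pkt.proto:
            continue
        if r.dst_port not in (0, pkt.dst_port):
            continue
        if ip_address(pkt.src_ip) not in ip_network(r.src):
            continue
        return r.action
    return "deny"


AGENT_PORT = 5140                    # constructed stand-in for a vendor's standard agent port
MSSP_COLLECTOR = "203.0.113.0/24"    # constructed vendor address range (TEST-NET-3)
INTERNAL_NET = "10.0.0.0/8"          # constructed client-internal range
INTERNET = "0.0.0.0/0"

# Weak: the vendor's agent port is reachable from anywhere. Every client that
# configures it this way exposes the same listener on the same port.
WEAK_POLICY = [
    Rule("allow", "in", INTERNET, AGENT_PORT),
]

# Hardened: nothing inbound on the agent port; agents initiate the session
# outbound to the collector, so no listener is exposed to the Internet.
HARDENED_POLICY = [
    Rule("deny", "in", INTERNET, AGENT_PORT),
    Rule("allow", "out", INTERNAL_NET, AGENT_PORT),
]

# Fallback when the vendor's design insists on inbound: pin the source to the
# vendor's own range and deny everyone else explicitly.
PINNED_INBOUND_POLICY = [
    Rule("allow", "in", MSSP_COLLECTOR, AGENT_PORT),
    Rule("deny", "in", INTERNET, AGENT_PORT),
]


def exposed_agent_rules(rules: List[Rule], agent_port: int) -> List[Rule]:
    """Audit check: inbound allow rules on the agent port whose source range is
    broader than a /16, i.e. not pinned to a specific vendor network."""
    findings = []
    for r in rules:
        if r.action == "allow" and r.direction == "in" and r.dst_port in (0, agent_port):
            if ip_network(r.src).prefixlen < 16:
                findings.append(r)
    return findings


if __name__ == "__main__":
    stranger = Packet("in", "198.51.100.7", AGENT_PORT)   # constructed Internet host
    vendor = Packet("in", "203.0.113.10", AGENT_PORT)     # constructed collector address
    agent_out = Packet("out", "10.1.2.3", AGENT_PORT)     # constructed internal agent
    for name, policy in (("weak", WEAK_POLICY),
                         ("hardened", HARDENED_POLICY),
                         ("pinned", PINNED_INBOUND_POLICY)):
        print(f"{name:9s} stranger={first_match(policy, stranger):5s} "
              f"vendor={first_match(policy, vendor):5s} "
              f"agent_out={first_match(policy, agent_out):5s} "
              f"exposed_rules={len(exposed_agent_rules(policy, AGENT_PORT))}")
```

The design point is the direction of the connection: an agent that dials out lets the client keep its inbound policy closed, and the shared vendor port becomes a fact about the vendor's collector rather than about every client's perimeter. Where inbound is unavoidable, the audit check is the kind of rule a client can run over its own policy before accepting the vendor's standard configuration.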