OK.. Folks, since I confused the issue and topic this morning.. There is
difference between
Online Security Services and Managed Monitoring Services, sort of although
the differences are very slim since both offer a smattering of some
shopping list of options
Online Security Service
www.securityfocus.com
www.esecurityonline.com
www.cisco.com Cisco Secure Consulting Services
Managed Monitoring Services
www.counterpane.com
www.securitywizards.com
www.genuity.com
www.pilotservices.com
www.uunet.com
www.rcn.com
Most of the major ISP type ships offer both managed monitored service plus
some form of security assessment.
Arrgh,, I hate it when things go off topic.
/mark
At 04:13 PM 8/22/00 -0400, Richard Ginski wrote:
>I've been a bit concerned regarding firms which offer security monitoring
>as a service. I admit I have done very little research regarding how these
>firms implement the services they offer:
>
>AFAIK, in order to REALLY implement such a service, the organization
>(their client) is having to concede certain elements of security. For
>example, if I want them to monitor both the DMZ, the internal network and
>protected hosts, they will have to devise a way to have their console(s)
>communicate to whatever "monitoring agents" (for the hosts) or "monitoring
>detectors" (for the internal network) they have installed. (Or
>visa-versa.) From what I understand, they (agents and detectors) would
>have to communicate via modem or, more probably, the Internet. Firewalls
>would have to be configured accordingly, in order to allow this
>communication to take place. Aren't organizations then inherently
>compromising security to accomodate these services which are offered?
>Further, they may not use the default ports (created by default) for these
>agents/detectors. However, they probably use their own standard port
>assignments which may be the same across many different organizations
>(their clients). Knowing this, would that not make all of their clients
>equally vulnerable?
>
> >>> "Behm, Jeffrey L." <[EMAIL PROTECTED]> 08/22/00 03:05PM >>>
> >From: Adam Pendleton [mailto:[EMAIL PROTECTED]]
> >positions, the total number of jobs that need filling are less than the
> >total would be if each company was doing security in-house.
>
>but it's in my blood to trust no-one <except of course _everything_ i read
>in mailing lists ;-)>
>how am I gonna trust some company that is in business for two reasons:
>1) make money, and 2) provide a _security_ service, IN THAT ORDER.
>
>Jeff
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
