Thanks everyone for the recommendations. This is a new area for me and glad to hear some feedback from those of you who have experience with it.
On Sat, Feb 12, 2011 at 2:11 PM, Russell Eubanks < [email protected]> wrote: > Another good thing to do is a bi- annual firewall review, line by line, to > make sure the rules are as you intend and reflect your current needs. Also > to make sure you are running the most current version of code. > > Since they are managing the device for you, I consider it fair game to ask > for their recommendations after they review your configs every so often. In > theory, their collective knowledge will be valuable. > > All of this will give them the opportunity to re-earn your business by > having the prove their value to your business. > > Russell > > > On Feb 12, 2011, at 12:13 PM, John Strand <[email protected]> wrote: > > I would also recommend that you periodically "test" them. > > Something as simple as a remote Nessus scan, or a outbound clear text > shell. > > See if they catch it. > > If they do not, be sure to give them hell. > > John > > On Fri, Feb 11, 2011 at 8:31 PM, Jack Daniel < <[email protected]> > [email protected]> wrote: > >> Like most things, "it depends". As Josh said, if the outsourced >> vendor does a great job, it can be very good. Big honking "if" there, >> though. >> >> A few questions off the top of my head: >> What are the SLAs, and how are they enforced? >> How long does it take to get changes applied? >> Do you retain ownership of the hardware on premises? >> Do you "own" the configs, or can they flatten the box when terminated? >> Do you have audit rights to the systems? >> What kind of reporting and documentation do they offer? >> Do they guarantee configurations compliant with your regulatory >> requirements? >> What about patching/updating, do they provide a guaranteed update >> window after patches/fixes are released? >> Is it all in writing? >> >> Jack >> >> >> On Fri, Feb 11, 2011 at 7:12 PM, Matthew Perry < <[email protected]> >> [email protected]> wrote: >> > All, >> > >> > We have been acquired by another company that is use to outsourcing >> > their management and monitoring of firewalls to another company. I >> > have always been against this especially since they would have the >> > keys for any point to point connections. How does everyone else in >> > the pauldotcom community feel about this and is it a standard >> > practice? >> > >> > -- >> > Matthew Perry >> > _______________________________________________ >> > Pauldotcom mailing list >> > <[email protected]>[email protected] >> > <http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom> >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> > Main Web Site: <http://pauldotcom.com>http://pauldotcom.com >> > >> >> >> >> -- >> ______________________________________ >> Jack Daniel, Reluctant CISSP >> <http://twitter.com/jack_daniel>http://twitter.com/jack_daniel >> <http://www.linkedin.com/in/jackadaniel> >> http://www.linkedin.com/in/jackadaniel >> <http://blog.uncommonsensesecurity.com> >> http://blog.uncommonsensesecurity.com >> _______________________________________________ >> Pauldotcom mailing list >> <[email protected]>[email protected] >> <http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom> >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: <http://pauldotcom.com>http://pauldotcom.com >> > > > > -- > John Strand > Office: (605) 550-0742 > Cell: (303) 710-1171 > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: <http://pauldotcom.com>http://pauldotcom.com > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > -- Matthew Perry
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
