Firewall Management

on 12.09.2006 22:22:13 by sickfaichezi

Hello,

I would appreciate any comments on firewall management.

I recently have been faced with the choice between paying for a
firewall management service at $1000+ in setup costs and $175 / month
thereafter or deciding on managing the firewall myself.

We have hired some outside contractors to set up our networks and they
have built this firewall management service into their proposal, but I
am not sure that we necessarily need it and would like to remove it
from the proposal to save some cash.

The outside contractors chose the Cisco ASA5510 and the managed
firewall service for the box will include:

* security updates in the form of patches, releases and upgrades
* policy administration
* event log analysis
* enforcement point management
* incident detection

Basically, I am asking, is it worth it? Would it be hard to manage the
firewall on my own? I am a programmer with a basic understanding of
networks.

Thanks in advance...

Re: Firewall Management

on 12.09.2006 23:40:58 by roberson

In article <1158092533.580220.191760@e63g2000cwd.googlegroups.com>,
sickfaichezi wrote:

>I would appreciate any comments on firewall management.

>I recently have been faced with the choice between paying for a
>firewall management service at $1000+ in setup costs and $175 / month
>thereafter or deciding on managing the firewall myself.

>We have hired some outside contractors to set up our networks and they
>have built this firewall management service into their proposal, but I
>am not sure that we necessarily need it and would like to remove it
>from the proposal to save some cash.

>The outside contractors chose the Cisco ASA5510 and the managed
>firewall service for the box will include:

>* security updates in the form of patches, releases and upgrades
>* policy administration
>* event log analysis
>* enforcement point management
>* incident detection

>Basically, I am asking, is it worth it? Would it be hard to manage the
>firewall on my own? I am a programmer with a basic understanding of
>networks.

I'm not sure I would trust that service: they aren't charging ENOUGH to
be able to do a good job of policy administration, incident detection,
and event log analysis -- not unless you are a very small organization
whose network is already partly sheltered by someone else's firewall.

Based upon your wording, I would deduce that you have never managed
a Cisco PIX or Cisco ASA. If I am correct, then chances are quite
small that you would be able to provide the above management
services to your company for less than the equivalent of $175 per
month (wot, roughly one day's pay per month?), taking into account
your startup costs of learning the ins and outs of the device and
your startup costs of writing a -correct- event log analysis program.

Even if you only get 1500 events per day, that'd be 45000 events
per month that would have to be correlated and analyzed. To be able
to analyze that in less than a day's work (i.e., costing your company
a day's pay per month in lieu of paying the consultant $175 per month),
you would have to analyze the events at a rate approaching two events
fully analyzed per second. And if you have a company large enough
to warrant a 5510 instead of a 5505, then you are very likely
going to get a lot more than 1500 events per day. (For example,
we collect 200,000 to 300,000 events per day for 500-ish IP addresses.)


The only company that I know of that could -plausibly- manage
event log analysis and incident detection at a marginal rate of $175
per month for a very small network, would be Counterpane Security...
and I'm relatively sure that they would charge a LOT more than $1000
to set everything up for you.


[Of course, you shouldn't naively trust what one bundle of hot hair
(i.e., me :) ) says about firewall management. Before committing
either way, do some credibility analysis, such as searching google groups
on a key of author:roberson group:comp.dcom.sys.cisco ]

Re: Firewall Management

on 13.09.2006 04:47:51 by Reese

You may find this VARBusiness article of interest:

An Ounce Of Prevention, Security crises show increased need for
customer awareness:

http://www.varbusiness.com/sections/customer/customer.jhtml?articleId=18823811

The cost of prevention is much less than the cost of being attacked.

Sincerely,

Brad Reese

Re: Firewall Management

on 13.09.2006 05:55:09 by Frankster

Assuming you like them and they normally do a good job... SNAP THAT DEAL UP!
It's a very good price. Especially for the continuing maintenance. I have to
believe that the only reason they are offering you these prices on the
firewall is because they have your other business and would like to keep it
that way. There is no way in hell that a contractor would offer you these
prices for the firewall alone. At least I sure never would. Hell, 175/mo? At
a (routine) rate of $120/hr or so, that would only account for a little more
than an hour. Hell, he'd tie up that much time simply collecting your
requirements. Much less for making the change itself!

-Frank

"sickfaichezi" wrote in message
news:1158092533.580220.191760@e63g2000cwd.googlegroups.com...
> Hello,
>
> I would appreciate any comments on firewall management.
>
> I recently have been faced with the choice between paying for a
> firewall management service at $1000+ in setup costs and $175 / month
> thereafter or deciding on managing the firewall myself.
>
> We have hired some outside contractors to set up our networks and they
> have built this firewall management service into their proposal, but I
> am not sure that we necessarily need it and would like to remove it
> from the proposal to save some cash.
>
> The outside contractors chose the Cisco ASA5510 and the managed
> firewall service for the box will include:
>
> * security updates in the form of patches, releases and upgrades
> * policy administration
> * event log analysis
> * enforcement point management
> * incident detection
>
> Basically, I am asking, is it worth it? Would it be hard to manage the
> firewall on my own? I am a programmer with a basic understanding of
> networks.
>
> Thanks in advance...
>

Re: Firewall Management

on 13.09.2006 18:51:53 by sickfaichezi

Walter Roberson wrote:
> In article <1158092533.580220.191760@e63g2000cwd.googlegroups.com>,
> sickfaichezi wrote:
>
> >I would appreciate any comments on firewall management.
>
> >I recently have been faced with the choice between paying for a
> >firewall management service at $1000+ in setup costs and $175 / month
> >thereafter or deciding on managing the firewall myself.
>
> >We have hired some outside contractors to set up our networks and they
> >have built this firewall management service into their proposal, but I
> >am not sure that we necessarily need it and would like to remove it
> >from the proposal to save some cash.
>
> >The outside contractors chose the Cisco ASA5510 and the managed
> >firewall service for the box will include:
>
> >* security updates in the form of patches, releases and upgrades
> >* policy administration
> >* event log analysis
> >* enforcement point management
> >* incident detection
>
> >Basically, I am asking, is it worth it? Would it be hard to manage the
> >firewall on my own? I am a programmer with a basic understanding of
> >networks.
>
> I'm not sure I would trust that service: they aren't charging ENOUGH to
> be able to do a good job of policy administration, incident detection,
> and event log analysis -- not unless you are a very small organization
> whose network is already partly sheltered by someone else's firewall.
>
> Based upon your wording, I would deduce that you have never managed
> a Cisco PIX or Cisco ASA. If I am correct, then chances are quite
> small that you would be able to provide the above management
> services to your company for less than the equivalent of $175 per
> month (wot, roughly one day's pay per month?), taking into account
> your startup costs of learning the ins and outs of the device and
> your startup costs of writing a -correct- event log analysis program.
>

You have deduced correctly. I have never managed a Cisco PIX or Cisco
ASA.

I was not sure whether 175 was cheap or expensive. You obviously
believe it is cheap, and I suspect that they are charging such a low
price because our network is extremely simple with only 3 ips behind
the firewall.

> Even if you only get 1500 events per day, that'd be 45000 events
> per month that would have to be correlated and analyzed. To be able
> to analyze that in less than a day's work (i.e., costing your company
> a day's pay per month in lieu of paying the consultant $175 per month),
> you would have to analyze the events at a rate approaching two events
> fully analyzed per second. And if you have a company large enough
> to warrant a 5510 instead of a 5505, then you are very likely
> going to get a lot more than 1500 events per day. (For example,
> we collect 200,000 to 300,000 events per day for 500-ish IP addresses.)
>
>
> The only company that I know of that could -plausibly- manage
> event log analysis and incident detection at a marginal rate of $175
> per month for a very small network, would be Counterpane Security...
> and I'm relatively sure that they would charge a LOT more than $1000
> to set everything up for you.

Have you ever heard of MTM Technologies?

>
>
> [Of course, you shouldn't naively trust what one bundle of hot hair
> (i.e., me :) ) says about firewall management. Before committing
> either way, do some credibility analysis, such as searching google groups
> on a key of author:roberson group:comp.dcom.sys.cisco ]

Thanks for your reply. Much appreciated.

Re: Firewall Management

on 13.09.2006 18:54:10 by sickfaichezi

Frankster wrote:
> Assuming you like them and they normally do a good job... SNAP THAT DEAL UP!
> It's a very good price. Especially for the continuing maintenance. I have to
> believe that the only reason they are offering you these prices on the
> firewall is because they have your other business and would like to keep it
> that way. There is no way in hell that a contractor would offer you these
> prices for the firewall alone.

Oh, we are definitely purchasing the firewall separately. The $1000
setup cost is for the setup of the management services. Does that
change your opinion at all?

> At least I sure never would. Hell, 175/mo? At
> a (routine) rate of $120/hr or so, that would only account for a little more
> than an hour. Hell, he'd tie up that much time simply collecting your
> requirements. Much less for making the change itself!
>
> -Frank
>
> "sickfaichezi" wrote in message
> news:1158092533.580220.191760@e63g2000cwd.googlegroups.com...
> > Hello,
> >
> > I would appreciate any comments on firewall management.
> >
> > I recently have been faced with the choice between paying for a
> > firewall management service at $1000+ in setup costs and $175 / month
> > thereafter or deciding on managing the firewall myself.
> >
> > We have hired some outside contractors to set up our networks and they
> > have built this firewall management service into their proposal, but I
> > am not sure that we necessarily need it and would like to remove it
> > from the proposal to save some cash.
> >
> > The outside contractors chose the Cisco ASA5510 and the managed
> > firewall service for the box will include:
> >
> > * security updates in the form of patches, releases and upgrades
> > * policy administration
> > * event log analysis
> > * enforcement point management
> > * incident detection
> >
> > Basically, I am asking, is it worth it? Would it be hard to manage the
> > firewall on my own? I am a programmer with a basic understanding of
> > networks.
> >
> > Thanks in advance...
> >

Re: Firewall Management

on 13.09.2006 19:38:20 by roberson

In article <1158166313.069430.250020@e63g2000cwd.googlegroups.com>,
sickfaichezi wrote:
>Walter Roberson wrote:

>> The only company that I know of that could -plausibly- manage
>> event log analysis and incident detection at a marginal rate of $175
>> per month for a very small network, would be Counterpane Security...

>Have you ever heard of MTM Technologies?

MTM Technologies is not one I had heard of before. They do seem
to be big and doing well in the marketplace.

Checking google groups, searching for "MTM Technologies" and eliminating
all the various job offering newsgroups, I find only 6 references
to them, only one of which actually says anything about the
company (a press release that happened to get listed into an
anti-spam newsletter.)

http://groups.google.ca/groups/search?q=%22MTM+Technologies%22+-group%3Aphl.jobs.offered+-group%3Apa.jobs.offered+-group%3Aalt.bestjobsusa.computer+-group%3Aus.jobs+-group%3Aalt.bestjobsusa.jobs.offered+-group%3Aalt.bestjobsusa+-group%3Amd.jobs+-group%3Aprg.jobs+-group%3Any.jobs


When I google the company, I find page after page after page of financial
references, and nearly no third-party references in the time I was
willing to spend looking.

The financial information and company job description suggest that
they are definitely not a two-bit company, but the fact that they
aren't getting discussed gives me pause. It could be partly explained if
they had a major name change, I suppose, but that aforementioned
press release is from 2004, and two years is quite sufficient time
for people to have mentioned the work of any major security company.

Re: Firewall Management

on 14.09.2006 00:59:45 by Wolfgang Kueter

sickfaichezi wrote:

> Oh, we are definitely purchasing the firewall separately. The $1000
> setup cost is for the setup of the management services. Does that
> change your opinion at all?

Ask them how many hours per month are included for the monthly rate of 175
USD. If they say that they'll look after your firewall for 2 or more hours
per month (and they really do it ...) their offer seems fair. Ask them what
kind of reports they'll produce and look at examples of those reports
before you sign the contract.

In general the offer seems quite all right to me. Ask them to keep you
informed about everything they do on the firewall (what they have done,
when they did it and how long it took them). Make a contract about how
changes in the policy have to be authorized. Apart from routine tasks like
log analysis, generating reports and the installation of (urgent) security
patches they must not do anything without prior confirmation from you.

Wolfgang