http://networknews.vnunet.com/News/1131396 By Paul Allen [01-05-2002] Rising technology overhead drives MoD to adopt commercial firewalls The Ministry of Defence's security technology advisors have changed their approach to its firewall policy. David Hartley, unclassified network manager at the Defence Science and Technology Laboratory (DSTL), formerly the Defence Evaluation Research Agency (DERA), said the MoD agency had bought in firewall technology as the overhead of maintaining internally produced code had become too great. "While I don't want to suggest we are de-skilling, having people who can write and maintain code is difficult to justify. Our business is supporting the network, not coding software," said Hartley. But Hartley stressed that improvements in commercially available firewalls, in conjunction with IDS and external evaluation, had been the main driver behind the strategy switch. "We have taken a good look at commercial firewalls over the past five years, and have moved towards them because now they have the strength for our needs," said Hartley. The move was phased in over the past 14 months. Former DERA team leader for IT health checks, now managing security architect at consultants @Stake, Phil Huggins, said using commercially available firewall code was an issue of support versus trust. "A large enterprise may not have the necessary skill set to create and run custom firewall code, they may have future support and training issues when current staff move on." He said that while a custom firewall could reap huge benefits in terms of a better fit for business requirements, the management overhead could prove too high for many. "It requires both strong skills management and a recognition that more time may need to be made available to manage such systems correctly. "I strongly believe that businesses are better off properly managing a technology they know well, rather than using a technology it has been told is more secure, but using it badly," said Huggins. - ISN is currently hosted by Attrition.org To unsubscribe email firstname.lastname@example.org with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu May 02 2002 - 03:56:40 PDT