[ISN] MoD breaks ranks on custom firewall

From: InfoSec News (isnat_private)
Date: Thu May 02 2002 - 00:11:03 PDT

  • Next message: InfoSec News: "[ISN] RE: [defaced-commentary] c4iweb.spawar.navy.mil defaced by The Deceptive Duo"

    By Paul Allen [01-05-2002]
    Rising technology overhead drives MoD to adopt commercial firewalls
    The Ministry of Defence's security technology advisors have changed
    their approach to its firewall policy.
    David Hartley, unclassified network manager at the Defence Science and
    Technology Laboratory (DSTL), formerly the Defence Evaluation Research
    Agency (DERA), said the MoD agency had bought in firewall technology
    as the overhead of maintaining internally produced code had become too
    "While I don't want to suggest we are de-skilling, having people who
    can write and maintain code is difficult to justify. Our business is
    supporting the network, not coding software," said Hartley.
    But Hartley stressed that improvements in commercially available
    firewalls, in conjunction with IDS and external evaluation, had been
    the main driver behind the strategy switch.
    "We have taken a good look at commercial firewalls over the past five
    years, and have moved towards them because now they have the strength
    for our needs," said Hartley. The move was phased in over the past 14
    Former DERA team leader for IT health checks, now managing security
    architect at consultants @Stake, Phil Huggins, said using commercially
    available firewall code was an issue of support versus trust. "A large
    enterprise may not have the necessary skill set to create and run
    custom firewall code, they may have future support and training issues
    when current staff move on."
    He said that while a custom firewall could reap huge benefits in terms
    of a better fit for business requirements, the management overhead
    could prove too high for many. "It requires both strong skills
    management and a recognition that more time may need to be made
    available to manage such systems correctly.
    "I strongly believe that businesses are better off properly managing a
    technology they know well, rather than using a technology it has been
    told is more secure, but using it badly," said Huggins.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Thu May 02 2002 - 03:56:40 PDT