The fact that their monitoring systems/probes have went off the air
is not fatal. The MSP has out of band access to it's screening router,
other equipment. This should also include remote powere cycling equipment!
If you don't have out of band access then you are not really doing your
job, nor earning your hefty monthly fees.
(you know, the MANAGED part of MSP) Along with a clearly
defined escalation procedure that should also include at which point the
site is locked down so that the incident response team are assured that no one
other than authorized individuals are accessing the network being protected at
least until the situation is under control.
If you examine what I originally stated, I stand for the junior monitoring
staff watching screens while more senior engineering staff handle escalation.
Which means that the model of MANAGED SECURITY SERVICES is just fine as long
as you have decent automation which is clearly superior to having droves of
people.
I've said more than I wanted to, but couldn't resist this topic nor this
followup of my original message.
[deferred obituary]
I have to say that Pilot's model of centralizing servers and firewalls
in major network centers around the US was certainly superior to having
thousands of mini-sites scattered everywhere. Pilot didn't deserve to
die for technical performance or implementation reasons, that's for
sure..At some point in the growth of your customer base, the model
certainly makes financial and operational sense.
Len
PS Still laughing at most I see and read about security today. I'm going
back into lurk mode for the next 2-3 years..
On Wed, Jun 27, 2001 at 08:09:55PM -0700, [EMAIL PROTECTED] wrote:
> One can always state..: Let us put a box on site, and point all logging to
> it, and then the MSP is remotely connected to the box, and everything is
> nice and rosy.. Nope, there is authentication, encryptions, blah, blah,
> etc, etc A simple fingerprint scan that is some what successful can
> clearly identify the box, and any port that is open and then attack
> it. Oops, just knocked some hybrid Unix box offline.. All the MSP noc
> person sees is that they are no longer receives alerts.
>
> Reaction:
> Call customer" Hi so and so, this is MSP so and so, we are no longer
> receiving messages from our remotely managed box"
> Customer: Am I vulnerable
> MSP rep: Unsure of the status, could you do the following....
>
> Doesn't provide much confidence in my mind..
>
> One doesn't need senior engineers available, one needs a better way of
> remotely recycling power.. :)
{SNOP}
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
