I administer two Checkpoint FW/VPN-1 NG firewalls. I also administer our ISS Siteprotector IDS and Tripwire for Servers. I also have additional duties administrating the networking infrastructure (NT 4.0 domain, routers, switches...). The firewall and IDS solutions are almost a full-time job, especially the IDS. I find that I spend more day-to-day work monitoring the IDS than the firewall. You have to monitor the events and try to detect an attack while it is ongoing, not after the fact. You really have to monitor the events as they are happening, check the firewall, check the servers (Tripwire) and then respond to an attack. I monitor two network sensors and log over 2000 events a day; you may have more depending on what you need to monitor. The majority of these events target our web infrastructure on the DMZ and of course our Exchange server. Our firewall has been in place for three years and our enterprise really requires very little tuning of the rulebase. I estimate that I spend 20 hours per week between the two systems while spending the majority on the IDS. I could very easily spend 40 hours per week on IDS alone.
If you have any more questions, please feel free to send me a note.

Thank You,

Jeffrey Larson
Senior LAN Technician
Michigan Millers Mutual Ins.
(517) 482-6211 ext 396
CCNA Network+
<mailto:jlarson@mimillers.com>

-----Original Message-----
From: Rowton, Mitchell [mailto:Mitchell.Rowton@MAIL.DRMS.DLA.MIL]
Sent: Tuesday, October 22, 2002 8:54 AM
To: [EMAIL PROTECTED]
Subject: [FW-1] Staffing needs

Would anyone be willing to share how many firewall administrators they have to secure how many firewalls? I have been asking vendors, managed security services providers, as well as other agencies and continue to get conflicting information. One person can run between 10 and 100 firewalls?

Could you also give me insight on your answer? Do these people have other duties, are the firewalls screening for large networks with DMZs or smaller ones? What are your personal opinions about staffing needs? We will be using Provider-1 as a management solution.

Also, I have the same question about Real Secure IDS with a Site Protector management solution. I'm hoping that many on this Checkpoint list also use Real Secure IDS.

I would appreciate any information. And before anyone says it, I realize that it depends upon your rulebase, number of changes, logging, etc... I'm just trying to find some sort of an industry average.
Mitchell E Rowton
----------------------------
Computer Security Specialist
CCNP, CCDP, CCSA, NSA IAM, Network+
DRMS HQ Battle Creek
<mailto: [EMAIL PROTECTED]>

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
