Yes I will agree there are problems that have not been fully answered in the MSP arena. However there are many benifits such as the extended expertise an MSP does have through managing many devices and the amount of combined knowledge that is available through senior level staff. The MSP arena I don't think is there to supersede the staff and skills of the fortune 100 company but instead to augment a fortune 100's company's skill set as well as providing a system of checks and balances for the company. With smaller and mid size companies the MSP can provide can provide a service that the company is not able to or doesn't want to budget for performing on it's own. Smaller companies have problems if they try to move security in house such as finding qualified engineers. Most smaller companies do not have a person capable of making an informed hiring decision when it comes to security, all that really defines the candidates are certifications and many times ceritfications can be misleading to a persons actual skill level. Security is a difficult to quantify to management in terms of dollars and cents and security professional skills are difficult to quantify to an HR person. K -----Original Message----- From: firewalls-admin@pluto.gnac.com [mailto:firewalls-admin@pluto.gnac.com]On Behalf Of mht@clark.net Sent: Wednesday, June 27, 2001 10:10 PM To: Len Rose; firewalls@pluto.gnac.com Subject: Re: Managed Service Providers One can always state..: Let us put a box on site, and point all logging to it, and then the MSP is remotely connected to the box, and everything is nice and rosy.. Nope, there is authentication, encryptions, blah, blah, etc, etc A simple fingerprint scan that is some what successful can clearly identify the box, and any port that is open and then attack it. Oops, just knocked some hybrid Unix box offline.. All the MSP noc person sees is that they are no longer receives alerts. Reaction: Call customer" Hi so and so, this is MSP so and so, we are no longer receiving messages from our remotely managed box" Customer: Am I vulnerable MSP rep: Unsure of the status, could you do the following.... Doesn't provide much confidence in my mind.. One doesn't need senior engineers available, one needs a better way of remotely recycling power.. :) At 10:49 PM 6/27/2001 -0400, Len Rose wrote: The answer to this has always been automation, whether it's automation of log analysis, alarms/traps, and/or on the fly packet header monitoring. When an alarm occurs, the SOC gets alerted and an escalation procedure begins. This is standard practice. You don't have senior engineers monitoring systems 24 x 7 but you damned well better have them available when something real happens. _______________________________________________ Firewalls mailing list Firewalls@lists.gnac.net http://lists.gnac.net/mailman/listinfo/firewalls _______________________________________________ Firewalls mailing list Firewalls@lists.gnac.net http://lists.gnac.net/mailman/listinfo/firewalls