Firewall to Staff Ratio - Firewalls

This is a discussion on Firewall to Staff Ratio - Firewalls ; Can anyone provide guidance to how one might calculate how much staff is necessary to support a Checkpoint firewall pair? I know that this ratio may be impacted by several factors (i.e, the size of the user base or the ...

+ Reply to Thread
Results 1 to 6 of 6

Thread: Firewall to Staff Ratio

  1. Firewall to Staff Ratio

    Can anyone provide guidance to how one might calculate how much staff
    is necessary to support a Checkpoint firewall pair?

    I know that this ratio may be impacted by several factors (i.e, the
    size of the user base or the number of supported applications), but a
    ballpark figure and the basis for the ratio is appreciated.
    Alternatively, if one can direct me to a tool for calculating this
    metric, I would be grateful.

    Thanks

  2. Re: Firewall to Staff Ratio

    In article <7c48a496-55ae-4602-a383-2044c334f3a1
    @j22g2000hsf.googlegroups.com>, texasredant@gmail.com says...
    > Can anyone provide guidance to how one might calculate how much staff
    > is necessary to support a Checkpoint firewall pair?
    >
    > I know that this ratio may be impacted by several factors (i.e, the
    > size of the user base or the number of supported applications), but a
    > ballpark figure and the basis for the ratio is appreciated.
    > Alternatively, if one can direct me to a tool for calculating this
    > metric, I would be grateful.


    There is no good answer. We have CP firewalls installed that get checked
    monthly for operation and we have ones that are monitored daily for
    operation (meaning what is passing in/out).

    Once it's installed and working, if you get reports, and if you don't
    need to change rules, it doesn't need anyone.

    --
    - Igitur qui desiderat pacem, praeparet bellum.
    - Calling an illegal alien an "undocumented worker" is like calling a
    drug dealer an "unlicensed pharmacist"
    spam999free@rrohio.com (remove 999 for proper email address)

  3. Re: Firewall to Staff Ratio

    Texas Fireant wrote:
    > Can anyone provide guidance to how one might calculate how much staff
    > is necessary to support a Checkpoint firewall pair?
    >
    > I know that this ratio may be impacted by several factors (i.e, the
    > size of the user base or the number of supported applications), but a
    > ballpark figure and the basis for the ratio is appreciated.
    > Alternatively, if one can direct me to a tool for calculating this
    > metric, I would be grateful.
    >
    > Thanks


    Depending on the size of your company it might make sense to get a partner for serious system stuff,
    (set up, upgrades, licensing...)and therefore avoid training costs of your staff.
    Checkpoint is very powerfull and very complex.
    But once it is up and running and your network is fairly static, a network engineer can learn how to add rules and read
    logs.

    We have customers with several clusters around the country, dozens of networks and almost any CP feature installed- they
    have two sec. engineers dedicated to CP - incl. 24/7 hotline.
    also depends if IT is your core business or not.

    hth
    M

  4. Re: Firewall to Staff Ratio

    Texas Fireant wrote:
    > Can anyone provide guidance to how one might calculate how much staff
    > is necessary to support a Checkpoint firewall pair?
    >
    > I know that this ratio may be impacted by several factors (i.e, the
    > size of the user base or the number of supported applications), but a
    > ballpark figure and the basis for the ratio is appreciated.
    > Alternatively, if one can direct me to a tool for calculating this
    > metric, I would be grateful.


    You need 1 admin. You probably will need additional admins if you want
    to guarantee particular response times or uptimes or have more than one
    location. These requirements/factors will determine how many admins
    you'll actually need. The number of users or applications is
    immatierial.

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  5. Re: Firewall to Staff Ratio

    Thanks to all for your input...TX FireAnt.

  6. Re: Firewall to Staff Ratio

    On Jun 30, 2:24*pm, Texas Fireant wrote:
    > Can anyone provide guidance to how one might calculate how much staff
    > is necessary to support a Checkpoint firewall pair?
    >
    > I know that this ratio may be impacted by several factors (i.e, the
    > size of the user base or the number of supported applications), but a
    > ballpark figure and the basis for the ratio is appreciated.
    > Alternatively, if one can direct me to a tool for calculating this
    > metric, I would be grateful.
    >
    > Thanks


    In a vacuum - for just 2 firewalls - you would need one person to run
    them.

    In the real world - the number varies wildly. Don't think of
    firewalls as just a pair of boxes in a rack somewhere. With firewalls
    comes a much larger responsibility to create security policy, create
    processes surrounding changes to the firewalls, response to 'events',
    how to handle breaches, etc.

    Your question is loaded at best

+ Reply to Thread