PDA

View Full Version : Firewall to Staff Ratio



Texas Fireant
06-30-08, 02:24 PM
Can anyone provide guidance to how one might calculate how much staff
is necessary to support a Checkpoint firewall pair?

I know that this ratio may be impacted by several factors (i.e, the
size of the user base or the number of supported applications), but a
ballpark figure and the basis for the ratio is appreciated.
Alternatively, if one can direct me to a tool for calculating this
metric, I would be grateful.

Thanks

Leythos
07-01-08, 06:55 AM
In article <7c48a496-55ae-4602-a383-2044c334f3a1
@j22g2000hsf.googlegroups.com>, texasredant@gmail.com says...
> Can anyone provide guidance to how one might calculate how much staff
> is necessary to support a Checkpoint firewall pair?
>
> I know that this ratio may be impacted by several factors (i.e, the
> size of the user base or the number of supported applications), but a
> ballpark figure and the basis for the ratio is appreciated.
> Alternatively, if one can direct me to a tool for calculating this
> metric, I would be grateful.

There is no good answer. We have CP firewalls installed that get checked
monthly for operation and we have ones that are monitored daily for
operation (meaning what is passing in/out).

Once it's installed and working, if you get reports, and if you don't
need to change rules, it doesn't need anyone.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

mak
07-02-08, 02:22 AM
Texas Fireant wrote:
> Can anyone provide guidance to how one might calculate how much staff
> is necessary to support a Checkpoint firewall pair?
>
> I know that this ratio may be impacted by several factors (i.e, the
> size of the user base or the number of supported applications), but a
> ballpark figure and the basis for the ratio is appreciated.
> Alternatively, if one can direct me to a tool for calculating this
> metric, I would be grateful.
>
> Thanks

Depending on the size of your company it might make sense to get a partner for serious system stuff,
(set up, upgrades, licensing...)and therefore avoid training costs of your staff.
Checkpoint is very powerfull and very complex.
But once it is up and running and your network is fairly static, a network engineer can learn how to add rules and read
logs.

We have customers with several clusters around the country, dozens of networks and almost any CP feature installed- they
have two sec. engineers dedicated to CP - incl. 24/7 hotline.
also depends if IT is your core business or not.

hth
M

Ansgar -59cobalt- Wiechers
07-02-08, 07:27 AM
Texas Fireant <texasredant@gmail.com> wrote:
> Can anyone provide guidance to how one might calculate how much staff
> is necessary to support a Checkpoint firewall pair?
>
> I know that this ratio may be impacted by several factors (i.e, the
> size of the user base or the number of supported applications), but a
> ballpark figure and the basis for the ratio is appreciated.
> Alternatively, if one can direct me to a tool for calculating this
> metric, I would be grateful.

You need 1 admin. You probably will need additional admins if you want
to guarantee particular response times or uptimes or have more than one
location. These requirements/factors will determine how many admins
you'll actually need. The number of users or applications is
immatierial.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

Texas Fireant
07-03-08, 04:08 PM
Thanks to all for your input...TX FireAnt.

AMR
07-07-08, 09:57 AM
On Jun 30, 2:24*pm, Texas Fireant <texasred...@gmail.com> wrote:
> Can anyone provide guidance to how one might calculate how much staff
> is necessary to support a Checkpoint firewall pair?
>
> I know that this ratio may be impacted by several factors (i.e, the
> size of the user base or the number of supported applications), but a
> ballpark figure and the basis for the ratio is appreciated.
> Alternatively, if one can direct me to a tool for calculating this
> metric, I would be grateful.
>
> Thanks

In a vacuum - for just 2 firewalls - you would need one person to run
them.

In the real world - the number varies wildly. Don't think of
firewalls as just a pair of boxes in a rack somewhere. With firewalls
comes a much larger responsibility to create security policy, create
processes surrounding changes to the firewalls, response to 'events',
how to handle breaches, etc.

Your question is loaded at best ;)