Firewall monitoring service

[Kevin Murphy]

I was wondering if anyone is using an external service or vendor to monitor
their BM firewall. I have spoken with several vendors who monitor firewalls
and firewall events and will then notify you if something fishy is
happening. The problem I keep running into is that none of them know how to
handle a BM server. Anyone have any guidance on this?

Kevin Murphy
I.T. Manager
New Mexico Educators FCU

[a_kr...@wright-pattcu.com]

We have both a BorderManager proxy server and a firewall outside of
Bordermanager. We have a vendor that does IDS services. The setup we
have is a managed switch between BorderManager and the PIX. The IDS
vendor also has a device plugged into the same switch. The port that the
firewall is plugged into on the switch is "port mirrored" to the port the
IDS device uses. The port mirroring basically says any traffic to and from
this port will be mirrored to the monitor port as well.

If all you have is Bordermanager and no external Firewall, you should be
able to do the same principle. The private (network) side ofBorderManager
would need to be plugged into a managed switch that connects to the rest
of the network. Port Mirror that port to another port on the same switch
and plug the IDS into it. They should be able to monitor traffic and warn
you of issues.