WORKSHOP
The 'Ins' and 'Outs' of Firewall Security

September 6, 1999

Many hardware and software firewalls incorporate a VPN (virtual private network), which makes good sense. When a firewall and VPN are separate, the only safe location for the VPN is on the outside of the firewall so all network traffic, regardless of origin, passes through the firewall. Placing a VPN adjacent to or behind the firewall opens a second avenue into your network that bypasses your firewall.

Beyond equipment, costs include training or hiring personnel to manage your firewall--and the expenses quickly add up. Skilled network administrators often command salaries in the high $60K's and mid $70K's (see our Third Annual Network/IS Managers' Salary and Job Satisfaction Survey at www.networkcomputing.com/903/903f2.html). And security experts command even more money. Training your personnel may seem more cost-effective: Three-day firewall certification courses cost $1,500 to $2,000 plus travel expenses. But once your administrators have a certification under their belts and a few years of experience, they're more marketable.

Ongoing personnel costs are significant as well. According to SANS' 1998 Salary Survey (www.sans.org/newlook/publications/1998salarysurvey.htm), raises for network personnel average around 11 percent, which confirms that the cost of maintaining necessary skill sets far outstrips yearly hardware and software expenses. Of course, while many installations won't require a full staff dedicated to network security, or even a single person devoted to the task, an existing administrator will have to spend time maintaining and monitoring the firewall. And though that administrator may be adequate for the job, not having any backup administrators to help out in the event of his or her absence can pose a security threat.

Luckily, other key expenses associated with installing and maintaining your own firewall can be fairly easy to estimate. Assume you have four sites to protect and you are using software firewalls on a fairly powerful SPARC. If your administrators spend 30 percent of their time working on the firewalls, you can expect to spend about $126,000 the first year for equipment and personnel costs (for more on the costs associated with managed firewalls, see "RFP: Managed Firewall Services," at www.networkcomputing.com/920/920f2.html). However, numerous soft costs can crop up, depending on your implementation and needs. For example, your addressing scheme may oblige you to renumber your IP network, which opens a can of worms, especially with applications and services tied to IP addresses.

Finally, you'll need to consider maintenance and support. We've all shared war stories about the inevitable emergencies that occur on the network--crises that have the uncanny ability to strike at 3 a.m. on a Saturday. Putting someone on call to deal with these emergencies, or maintaining a 24x7 network staff, will increase costs, but justifiably so if your Internet access is mission critical.

Whether you consider network security a cost factor or a profit center, owning your own firewall has distinct advantages. Having a security administrator with in-depth working knowledge of your particular business needs means your security plan is in sync with and closely supports your business plan and security policy. The ability to add support for new services, change the firewall configuration and anticipate future needs plays into the value of owning your network end-to-end.

Outsourcing












