firewall policies

Posted on 2009-07-01
Last Modified: 2013-11-05
Hi all, I am researching some best practice on managing your corporate firewall. Rather than anything technical, what procedures do you guys go through to securely manage the firewall?

i.e. if you want to change a firewall rule, who approves it, is this management or a secondary technician?

If your IT support is outsourced, what responsibilities on firewall management are with them, and what do you still have an involvement with?

How often do you perform a configuration review of the firewall to identify vulnerabilities, do you do this yourselves or get an independent 3rd party?

How do you separate up the firewall management security (auditors term it separation of duties), who is responsible for what in your setup?

If you are experienced managing the security of the firewall, have you got any tips for a newbie on how to manage it to best practice, based on things you have seen (or perhaps done) done wrong in the past? Any additional pointers or areas of research where I can develop my knowledge of all the things to consider better.
Question by:pma111
2 Comments
 
Accepted Solution

by:
vojans earned 500 total points
ID: 24752951
Define a paper which will clearly point out which port needs to be open, and what it is (or will be) used for.
Ask for confirmation from the superior in charge - the superior of the person who demands it. Signature.
So, if somebody wants you to open port 6881, for torrent, and his superior signs it, it is not yours to question why he is asking for it - he/she got a permit.
On the other hand, it would be good to make a kind of policy on what is allowed and what is not, at least without a written approval, and that will solve most of the doubts...
Assisted Solution

by:deimark
deimark earned 500 total points
ID: 24753007
I will answer inline:

Hi all, I am researching some best practice on managing your corporate firewall. Rather than anything technical, what procedures do you guys go through to securely manage the firewall?

i.e. if you want to change a firewall rule, who approves it, is this management or a secondary technician?

>>>  Good practice to have a 2nd opinion/set of eyes on the rule


If your IT support is outsourced, what responsibilities on firewall management are with them, and what do you still have an involvement with?

>>>  If it's outsourced, then all you should need to do is contact this provider and make the necessary requests, i.e. from <host> to <host> service HTTP  - permit

>>>  As above, it's worth making sure that the provider has a confirmed list of authorised contacts that can request these changes


How often do you perform a configuration review of the firewall to identify vulnerabilities, do you do this yourselves or get an independent 3rd party?

>>>  This "should" be done regularly, but rarely is due to time needed etc.  I would say every quarter, review the rulebase and clean out old addresses, rules etc.  If it's done by a 3rd party, then get them in every quarter

How do you separate up the firewall management security (auditors term it separation of duties), who is responsible for what in your setup?

>>>  Most decent firewalls will allow creation of different roles within the firewall, i.e. some roles can edit address objects, some roles can create rules, some roles can edit IDP settings etc.  This means that admins are only given access to what they need.

If you are experienced managing the security of the firewall, have you got any tips for a newbie on how to manage it to best practice, based on things you have seen (or perhaps done) done wrong in the past? Any additional pointers or areas of research where I can develop my knowledge of all the things to consider better.

>>>  Apart from generic advice on creating the rulebases, i.e. most used at top, most specific at top, general rules at bottom and ALWAYS use a clean up rule with logging, the stuff above is a decent start.

>>>    I would say that if you have any specific questions, post here as the topic is quite large, it's hard to generalise.
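The rulebase advice in the answer above (specific rules before general ones, a logged clean-up rule last, a periodic clean-out of stale rules) can be checked mechanically during a quarterly review. The following is an added example, not part of the thread or of any vendor's tooling; the rule fields, the hit counter and the sample rulebase are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample rulebase, evaluated top-down, first match wins.
# Field names and the "hits" counter are assumptions for this example.
RULES = [
    {"id": 1, "src": "10.0.0.0/8", "dst": "0.0.0.0/0", "svc": "any", "action": "permit", "log": False, "hits": 9120},
    {"id": 2, "src": "10.1.2.0/24", "dst": "192.0.2.10/32", "svc": "tcp/6881", "action": "deny", "log": True, "hits": 0},
    {"id": 3, "src": "0.0.0.0/0", "dst": "192.0.2.80/32", "svc": "tcp/80", "action": "permit", "log": False, "hits": 44103},
    {"id": 4, "src": "198.51.100.0/24", "dst": "192.0.2.25/32", "svc": "tcp/25", "action": "permit", "log": False, "hits": 0},
    {"id": 5, "src": "0.0.0.0/0", "dst": "0.0.0.0/0", "svc": "any", "action": "deny", "log": False, "hits": 310},
]

def covers(outer, inner):
    """True if every packet matching `inner` also matches `outer`."""
    net = ipaddress.ip_network
    return (net(inner["src"]).subnet_of(net(outer["src"]))
            and net(inner["dst"]).subnet_of(net(outer["dst"]))
            and outer["svc"] in ("any", inner["svc"]))

def review(rules):
    """Return (finding, rule_id) pairs for a top-down, first-match rulebase."""
    findings = []
    # 1. The last rule must be an any/any/any deny, and it must log.
    last = rules[-1]
    is_cleanup = (last["src"] == last["dst"] == "0.0.0.0/0"
                  and last["svc"] == "any" and last["action"] == "deny")
    if not is_cleanup:
        findings.append(("no-cleanup-rule", last["id"]))
    elif not last["log"]:
        findings.append(("cleanup-not-logged", last["id"]))
    # 2. A rule fully covered by an earlier, broader rule can never match.
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if covers(earlier, later):
                findings.append(("shadowed-by-%d" % earlier["id"], later["id"]))
                break
    # 3. Rules with no hits since the last review are clean-out candidates.
    for r in rules[:-1]:
        if r["hits"] == 0:
            findings.append(("unused", r["id"]))
    return findings

if __name__ == "__main__":
    for finding, rule_id in review(RULES):
        print("rule %d: %s" % (rule_id, finding))
```

In the sample, the deny for port 6881 sits below a broad permit and never fires, which is the ordering mistake the "most specific at top" advice prevents.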

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Suggested Courses

963 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question