Solved

firewall policies

Posted on 2009-07-01
2
209 Views
Last Modified: 2013-11-05
Hi all, I am researching some best practice on managing your corporate firewall. Rather than anything technical, what procedures do your guys go through to securely manage the firewall?

i.e. if you want to change a firewall rule, who approves it, is this management or a secondary ttechnician?

if your it support is outsourced what responsibilities on firewall management is with them, and what to you still have an involvement with?

How often do you perform a configuration review of the firewall to identify vulnerabiltiies, do you do this yourselves or get an independant 3rd party?

How do you seperate up the firewall management security (auditors term it separation of duties), who is reposnsible for what in your setup?

If you are experienced managing the security of the firewall, have you got any tips for a newbie on how to manage it to best practice, based on things you have seen (or perhaps done) done wrong in this past? Any additional pointers or areas of research where I can develop my knowledge of all the things to consider better.
0
Comment
Question by:pma111
2 Comments
 
LVL 6

Accepted Solution

by:
vojans earned 125 total points
ID: 24752951
Define a paper which will clearly point out which port is needed to be open, and what is it (or - it will be) used for.
Ask for confirmation of superior in charge - superior of person who demands it. Signature
So, if somebody wants you to open port 6881, for torrent, and his superior signs it, it is not yours to question why is he asking for it - he/she got a permit.
On the other hand, it would be good to make a kind of policy what is allowed and what is not, at least without a written approwal, and that will solve most of doubts...
0
 
LVL 18

Assisted Solution

by:deimark
deimark earned 125 total points
ID: 24753007
I will answer inline:

Hi all, I am researching some best practice on managing your corporate firewall. Rather than anything technical, what procedures do your guys go through to securely manage the firewall?

i.e. if you want to change a firewall rule, who approves it, is this management or a secondary ttechnician?

>>>  Good practice to have a 2nd opinion/set of eyes on the rule


if your it support is outsourced what responsibilities on firewall management is with them, and what to you still have an involvement with?

>>>  If its outsourced, then all you should need to do is contact this provider and make teh necessary requests, ie from <host> to <host> service HTTP  - permit

>>>  As above, it worth making sure that the provider has a confirmed list of authorised contacts thatc an request these changes


How often do you perform a configuration review of the firewall to identify vulnerabiltiies, do you do this yourselves or get an independant 3rd party?

>>>  This "should" br done regularly, but rarely is de to time needed etc.  I would say every quarter, review the rulebase and clean out old addresses, rules etc..  If its done by 3rd party, then get them in every quarter

How do you seperate up the firewall management security (auditors term it separation of duties), who is reposnsible for what in your setup?

>>>  Most decent firewalls will allow creation of different roles within teh firewall, ie some roles can edit address objects, some roles can create rules, some roles can edit IDP settings etc.  This means that admins are only given access to what they need.

If you are experienced managing the security of the firewall, have you got any tips for a newbie on how to manage it to best practice, based on things you have seen (or perhaps done) done wrong in this past? Any additional pointers or areas of research where I can develop my knowledge of all the things to consider better.

>>>  Apart from generic advise on creating the rulebases, ie most used at top, most specific at top, general rules at bottom and ALWAYS use a clean up rule with logging, the stuf above is a decent start.

>>>    I would say that if you have any specific questions, post here as the topic is quite large its hard to generalise.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Firewall attack 16 185
Outbound Internet Access Firewall Best Practice 8 78
Is my Machine open to hackers 3 107
Allowing a local account for incoming Rdp but not outgoing Rdp 15 160
If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question