Solved

firewall policies

Posted on 2009-07-01
2
211 Views
Last Modified: 2013-11-05
Hi all, I am researching some best practice on managing your corporate firewall. Rather than anything technical, what procedures do your guys go through to securely manage the firewall?

i.e. if you want to change a firewall rule, who approves it, is this management or a secondary ttechnician?

if your it support is outsourced what responsibilities on firewall management is with them, and what to you still have an involvement with?

How often do you perform a configuration review of the firewall to identify vulnerabiltiies, do you do this yourselves or get an independant 3rd party?

How do you seperate up the firewall management security (auditors term it separation of duties), who is reposnsible for what in your setup?

If you are experienced managing the security of the firewall, have you got any tips for a newbie on how to manage it to best practice, based on things you have seen (or perhaps done) done wrong in this past? Any additional pointers or areas of research where I can develop my knowledge of all the things to consider better.
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 6

Accepted Solution

by:
vojans earned 125 total points
ID: 24752951
Define a paper which will clearly point out which port is needed to be open, and what is it (or - it will be) used for.
Ask for confirmation of superior in charge - superior of person who demands it. Signature
So, if somebody wants you to open port 6881, for torrent, and his superior signs it, it is not yours to question why is he asking for it - he/she got a permit.
On the other hand, it would be good to make a kind of policy what is allowed and what is not, at least without a written approwal, and that will solve most of doubts...
0
 
LVL 18

Assisted Solution

by:deimark
deimark earned 125 total points
ID: 24753007
I will answer inline:

Hi all, I am researching some best practice on managing your corporate firewall. Rather than anything technical, what procedures do your guys go through to securely manage the firewall?

i.e. if you want to change a firewall rule, who approves it, is this management or a secondary ttechnician?

>>>  Good practice to have a 2nd opinion/set of eyes on the rule


if your it support is outsourced what responsibilities on firewall management is with them, and what to you still have an involvement with?

>>>  If its outsourced, then all you should need to do is contact this provider and make teh necessary requests, ie from <host> to <host> service HTTP  - permit

>>>  As above, it worth making sure that the provider has a confirmed list of authorised contacts thatc an request these changes


How often do you perform a configuration review of the firewall to identify vulnerabiltiies, do you do this yourselves or get an independant 3rd party?

>>>  This "should" br done regularly, but rarely is de to time needed etc.  I would say every quarter, review the rulebase and clean out old addresses, rules etc..  If its done by 3rd party, then get them in every quarter

How do you seperate up the firewall management security (auditors term it separation of duties), who is reposnsible for what in your setup?

>>>  Most decent firewalls will allow creation of different roles within teh firewall, ie some roles can edit address objects, some roles can create rules, some roles can edit IDP settings etc.  This means that admins are only given access to what they need.

If you are experienced managing the security of the firewall, have you got any tips for a newbie on how to manage it to best practice, based on things you have seen (or perhaps done) done wrong in this past? Any additional pointers or areas of research where I can develop my knowledge of all the things to consider better.

>>>  Apart from generic advise on creating the rulebases, ie most used at top, most specific at top, general rules at bottom and ALWAYS use a clean up rule with logging, the stuf above is a decent start.

>>>    I would say that if you have any specific questions, post here as the topic is quite large its hard to generalise.
0

Featured Post

Enroll in May's Course of the Month

May’s Course of the Month is now available! Experts Exchange’s Premium Members and Team Accounts have access to a complimentary course each month as part of their membership—an extra way to increase training and boost professional development.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question