Posted on 2009-07-01
Hi all, I am researching some best practice on managing your corporate firewall. Rather than anything technical, what procedures do your guys go through to securely manage the firewall?
i.e. if you want to change a firewall rule, who approves it, is this management or a secondary ttechnician?
if your it support is outsourced what responsibilities on firewall management is with them, and what to you still have an involvement with?
How often do you perform a configuration review of the firewall to identify vulnerabiltiies, do you do this yourselves or get an independant 3rd party?
How do you seperate up the firewall management security (auditors term it separation of duties), who is reposnsible for what in your setup?
If you are experienced managing the security of the firewall, have you got any tips for a newbie on how to manage it to best practice, based on things you have seen (or perhaps done) done wrong in this past? Any additional pointers or areas of research where I can develop my knowledge of all the things to consider better.