Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Security Approval Process

From: JohnNicholson () aol com
Date: Wed, 26 Mar 2003 14:30:14 -0500
Debbie -

Regardless of whether anyone else does it, I'd say you've got a pretty good situation as long as it doesn't overwhelm 
you.

Centralizing a function like that decreases the likelihood that some random person is going to misconfigure something 
and open a hole in your firewall, or that some tech is going to open a hole at the insistance of a business person.

John


In a message dated 3/25/2003 6:10:11 PM Eastern Standard Time, "Debbie Torri" <debbietorri () eudoramail com> writes:


Hi, 

I currently approve of all production changes to our firewalls (internet and dmz) and also approve all VPN request for 
for external companies that want access into our network. We have 12 firewalls and about 700 production servers (Unix 
and Windows).  

This is my question: Do you do this as part of your job?  I have no clue if this a normal task done by other security 
professionals. What are the pro's and con's of doing this. 

---
Debbie Torri CISSP
Norwest Industries
Denver, Colorado
---
Debbie Torri CISSP
Norwest Industries
Denver, Colorado


Need a new email address that people can remember
Check out the new EudoraMail at
http://www.eudoramail.com

-------------------------------------------------------------------
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.surfcontrol.com/go/zsfsbl1




-------------------------------------------------------------------
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.surfcontrol.com/go/zsfsbl1
Previous By Date Next
Previous By Thread Next

Current thread: