Educause Security Discussion mailing list archives

Re: Firewall Administration

From: Steven Johnson <sjohn100 () JHU EDU>
Date: Wed, 8 Jun 2005 13:59:00 -0400

I've been through the whole range of possibilities, from IT Security
manages nothing (really just an audit group) to IT security controls the
whole firewall (assuming it is not a FW service module in this case.)
The key is to strike the right balance for your organization and build a
strong relationship with the folks that maintain the hardware and/or OS
.  If responsibilities are shared across various groups though only one
group should be able to manipulate the ruleset no matter what.



Steve Johnson
Network Security Manager
IT@JH
1101 E. 33rd Street, D300
Baltimore, Maryland  21218
Phone:  443-997-3142
Fax:  443-997-5221

LeeAnne.Hart () MONTGOMERYCOLLEGE EDU 06/08/05 1:29 PM >>>

If you don't mind sharing, who maintains your firewalls - hardware and
operating system, not the firewall software? Currently, our IT
Security
team are the only people with access to our firewalls, but our
networking group is asking for some rights to maintain the hardware
and
to be able to reboot them. I have mixed feelings about this and wanted
to know how other organizations handle this. Also, what are some of
the
pros and cons of this?  Thanks,

Lee Anne Hart
IT Security Analyst
Montgomery College

Current thread:

Firewall Administration Hart, Lee Anne (Jun 08)
- <Possible follow-ups>
- Re: Firewall Administration Steven Johnson (Jun 08)
- Re: Firewall Administration Cal Frye (Jun 08)
- Re: Firewall Administration Parker, Ben C (Jun 08)
- Re: Firewall Administration Geoff Nathan (Jun 08)
- Re: Firewall Administration Greg Schaffer (Jun 08)
- Re: Firewall Administration Sarah Stevens (Jun 08)
- Re: Firewall Administration Willis Marti (Jun 08)
- Re: Firewall Administration Davis, Thomas R. (Jun 15)