Educause Security Discussion mailing list archives

Re: Firewall Administration


From: Willis Marti <wmarti () TAMU EDU>
Date: Wed, 8 Jun 2005 20:55:48 -0500


If you don't mind sharing, who maintains your firewalls - hardware and
operating system, not the firewall software? Currently, our IT Security
team are the only people with access to our firewalls, but our
networking group is asking for some rights to maintain the hardware and
to be able to reboot them. I have mixed feelings about this and wanted
to know how other organizations handle this. Also, what are some of the
pros and cons of this?

 I don't see how one separates operation (including configuration and
maintenance) from network operations. While you may (should) restrict who can
configure any class of devices (e.g., installers may do edge switches but not
routers), those who maintain the routers and traffic monitors and IDS and
firewalls should be part of the same group. I don't think you can effectively
detect and respond to attacks/intrusions unless that varied expertise is
tightly integrated. Or, how can IT security work without intimate access to
operational network data and devices? Yes, there are "politics" involved, but
the only real separation might occur between policy creation and operations.
One can separate host operations from network operations, but the firewall is
part of the network.
Cheers,
 Willis Marti
 Associate Director for Networking
 Computing & Information Services
 Texas A&M University
