Firewall Wizards mailing list archives
RE: firewall-wizards digest, Vol 1 #992 - 11 msgs
From: "clarke-cummings () columbus rr com" <clarke-cummings () columbus rr com>
Date: Tue, 3 Jun 2003 11:15:48 -0400
Tony, As a consultant I have seen several different configurations. 1. The answer is: yes. Every company is slightly different, often for bad political reasons. Most frequently my experience has been that the firewall admins are in Networking, sometimes security is in networking also, and the admin lives there. I would like to see the person in the security group, but maybe colocated. I think the network group makes a lot of sense, especially when you are looking at organizations that have a lot of Cisco devices with PIX. 2. When the admin is not part of the group security should be periodically evaluating the rules and potentially signing off on changes. At the least they need to be notified when rule changes occur so that it can be tracked against the corporate security policies (which everyone has, right?) 3. I would think that the network group would need to be in the loop on changes to the firewall rules by a security group based admin. No matter where the admin is the biggest thing is to have a security policy that describes what the inside/outside communication rules are. Then there needs to be rules for adding/reviewing/updating the firewall. Next, based on the process figure out a communication schedule. Firewall rule changes can affect many people so always save the old config so you can restore it if the changes fail. Hope that helps. Clarke cissp Message: 4 Date: Mon, 02 Jun 2003 07:38:33 -0400 To: firewall-wizards () honor icsalabs com From: Tony Miedaner <miedaner () twcny rr com> Subject: [fw-wiz] Where do firewall Admins Sit in An Company Hi All, A couple questions: 1. Typically what part of an organization do firewall administrators belong to in a large Enterprise (Example Networking, Server, Security)? 2. If the firewall administrators sit in a non-security group what type of oversight is typically performed over them. 3. If firewall administrators sit in a security group what type of oversight is done on them? TIA. -------------------------------------------------------------------- mail2web - Check your email from the web at http://mail2web.com/ . _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: firewall-wizards digest, Vol 1 #992 - 11 msgs clarke-cummings () columbus rr com (Jun 03)