Firewall Wizards mailing list archives

Re: What challenges are security admins facing?


From: Paul Robertson <proberts () patriot net>
Date: Tue, 27 May 2003 09:22:55 -0400 (EDT)

On Mon, 26 May 2003, Paul Ammann wrote:

> Hi
>
> I've been working on the firewall security audit at my company, and I've been
> getting exposure to many different areas that I normally wouldn't. I work
> with the Check Point firewalls. I'm curious as to what challenges
> security admins are facing.

Change control is always a big issue.

So are things like password management, backups, ruleset validation, 
physical cabling verification, and potentially important things like log 
analysis and the legal aspects of such (for instance, do you regularly 
review logs, or only when "something bad happens" - the answer could change 
the defensibility of using that analysis in court, are your logs set up to 
be reported on, and will that ensure the business record exemption for 
evidentiary submission...) [At this point, you should be asking yourself 
"Why hasn't Legal been involved in our audits before?"  and probably 
thinking "They might want specific things documented that aren't, and 
that's a bigger stick than I currently have..."]

> I'm talking things you might not normally take into consideration. For
> example, lack of communication or documentation, inaccurate network
> drawings of firewall locations, no formal change control procedure,
> tracking temporary firewall rules, limiting access to firewall policies
> and log information, or my favorite, no procedure for when an employee has
> left the company or changed job functions.

If you're doing user-ids, think about automatically expiring ones which 
haven't been used for some period of time.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
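
Added example, not part of the original post: one way to decide which user-ids to expire automatically after a period without use. The record layout, the 90-day idle and 30-day never-used thresholds, the exempt flag and the sample accounts are all assumptions constructed for illustration.

```python
from datetime import date

MAX_IDLE_DAYS = 90  # assumed threshold; the post only says "some period of time"
GRACE_DAYS = 30     # assumed grace period for new accounts that were never used

# Constructed inventory: (user id, created, last successful auth or None, exempt)
ACCOUNTS = [
    ("alice", date(2002, 1, 10), date(2003, 5, 20), False),
    ("bob", date(2001, 6, 1), date(2003, 1, 15), False),
    ("carol", date(2003, 5, 1), None, False),
    ("dave", date(2002, 11, 1), None, False),
    ("fw-backup", date(2000, 3, 1), date(2002, 12, 1), True),
    ("erin", date(2002, 2, 1), date(2003, 6, 15), False),
]


def classify(account, today):
    """Return (action, reason) where action is keep, expire or review."""
    _user, created, last_auth, exempt = account
    # A never-used account is measured from its creation date instead.
    reference = last_auth or created
    if reference > today:
        # Bad record or clock skew: do not act automatically on it.
        return ("review", "timestamp in the future")
    idle = (today - reference).days
    limit = MAX_IDLE_DAYS if last_auth else GRACE_DAYS
    if idle <= limit:
        return ("keep", f"idle {idle}d")
    if exempt:
        # Exempt accounts are never disabled automatically, but stale ones
        # are still surfaced so someone has to justify keeping them.
        return ("review", f"exempt but idle {idle}d")
    if last_auth:
        return ("expire", f"no auth for {idle}d")
    return ("expire", f"never used, created {idle}d ago")


def expiry_report(accounts, today):
    """Map each user id to its (action, reason) as of the given date."""
    return {account[0]: classify(account, today) for account in accounts}


if __name__ == "__main__":
    for user, (action, reason) in expiry_report(ACCOUNTS, date(2003, 5, 27)).items():
        print(f"{user:10} {action:7} {reason}")
```

The report only decides; the disable step itself and its change-control record depend on where the user-ids actually live.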
