Firewall Wizards mailing list archives

Re: What challenges are security admins facing?


From: "R. DuFresne" <dufresne () sysinfo com>
Date: Tue, 27 May 2003 10:53:04 -0400 (EDT)

On Mon, 26 May 2003, Paul Ammann wrote:

Hi

I've been working on the firewall security audit at my company, and I've been 
getting exposure to many different areas that I normally wouldn't. I work 
with the Check Point firewalls. I'm curious as to what challenges 
security admins are facing.


All of what you mention below are most likely going to be found to be
fairly common areas for many who will respond:


I'm talking things you might not normally take into consideration. For 
example, lack of communication or documentation, inaccurate network 
drawings of firewall locations, 

Ahh, documentation, the bane of most every IT person.  It's important to
document and to maintain, but, sometimes the more pertinent facts never get
put into a container for retrieval, often the area<s> to store
documentation get too unwieldy, in terms of documents never getting date
stamped in a proper fashion to determine what is current and what is dated
out of reality, to downright crappy naming conventions such that finding
the facts sought becomes a major chore itself.  Every IT dept needs to
have a primary and backup person whose job it is to maintain departmental
documentation, they get tasked with harassing others to produce their
share, and with keeping the archives of documentation current, and
readable and traversable.  Of course in these times especially, with IT
being sorely over tasked and understaffed, this area is left unfilled,
even though it is perhaps as important as the daily/weekly/monthly
backups...

no formal change control procedure, 
tracking temporary firewall rules, limiting access to firewall policies 
and log information, or my favorite, no procedure for when an employee has 
left the company or changed job functions.


I have yet to see anything that works well for documenting and maintaining
this kind of information 'cept those sites that have put in a "remedy<TM>"
or like, tracking system and delved into the roots of the package to
push it beyond its default trouble ticketing system functions to do
some of the things it can do, if scripted/programmed beyond the basics.
What was nice and sweet about those few sites that put remedy and their
fav similar tools to the task was it was like making an appointment in the
corp PIM, you create the event, or mark the change made, and set the
review time and remedy prods you about any need for action or review when
that time slot pops into focus.

If your company has such tools and such resources and priorities and
'requirements' for information storage and the tracking of temp changes
and timely review of those settings, getting those tasked to do, into the
habit of properly using them can be the major chore...

Of course, I happen to believe that stunguns <electronic larts> are a
valuable human resource/employee management tool


Thanks,

Ron DuFresne


Best regards,

Paul
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!
