Re: firewall rule lifecycle management

[Skip Carter <skip () taygeta com>]

> Question: What do those of you in large environments do to manage your 
> rulesets in terms of removing access that is no longer required? We get 
> lots of requests to add access, but are almost never told when 
> something can be removed. This is a large corporation with lots of 
> subcontractors, B2B, etc., and we're looking for ideas on how others 
> get a handle on this (or does anybody?).

We once provided an external firewall audit and in reviewing the special
access rules such as those described above, we noticed that one remote
location that had special access to Victoria's Secret (the client was
NOT any sort of retailer)!  It turned out that the IP address once
belonged to a genuine business partner, who later gave up the address
which ultimately ended up in the possession of Victoria's Secret.

They now use a formal written change control procedure to help
manage this problem.  We will see how well that works next audit.

Perhaps periodic external review is the best way.



Skip


-- 
 Dr. Everett (Skip) Carter           Phone: 831-641-0645 FAX:  831-641-0647
 Taygeta Network Security Services   email: skip () taygeta net
 1340 Munras Ave., Suite 314         WWW: http://www.taygeta.net/
 Monterey, CA. 93940            











_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards