Security Basics mailing list archives
RE: firewall change request
From: Dan Lynch <DLynch () placer ca gov>
Date: Fri, 17 Feb 2012 08:49:30 -0800
There have been a couple really good, detailed answers to this issue. Do others on the list have no change controls to speak of? And if you do, what changes are people allowed to make without a requiring a formal process of review, approval and documentation? For those with clear policy guidance, would you be willing to share the details? For me, our policy says that the change request process is required for "any change that has a reasonable expectation of impacting customer service availability". In reality though, we go through the full process for any and all firewall rule changes, regardless the expected impact on service availability, like adding a host object to a group, then installing policy. We use a browser-based form in which we specify the changes to be made and their impact. This must receive the prior approval of at least one of seven IT supervisors, and at least one higher level IT manager. One of these supervises the firewall team, the other has authority over IT for a business unit that might be affected. Neither has more than rudimentary experience in or knowledge of firewalls or networking. The other five can sign off the change after the fact. (In reality, we first request permission to submit the request, from these same supervisors. The form doesn't get filled out until we've received their permission do it. We request permission to request permission to perform a change. The entire process can take up to a week.) They then specify when the change can be made. Some changes are made the same day during business hours, others wait until an after hours window opens, usually simply after 5:30 pm. In the case of one critical firewall cluster, there is only one window per month, a Tuesday between 4:00 am and 6:00 am. Dan Lynch, CISSP Information Technology Analyst County of Placer Auburn, CA ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- firewall change request marck e. (Feb 08)
- RE: firewall change request Bahrs, Art (Feb 09)
- RE: firewall change request Dan Lynch (Feb 20)
- RE: firewall change request Daniel Tran (Feb 20)
- <Possible follow-ups>
- Re: firewall change request kartik . netsec (Feb 08)
- Re: firewall change request wraith (Feb 12)
- Re: RE: firewall change request kartik . netsec (Feb 21)