Security Basics mailing list archives
RE: firewall change request
From: "Daniel Tran" <daniel.tran () gnofcu com>
Date: Mon, 20 Feb 2012 12:08:38 -0600
Does anyone have a form that you are willing to share? Thank you, Daniel Tran -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Dan Lynch Sent: Friday, February 17, 2012 10:50 AM To: security-basics () securityfocus com Subject: RE: firewall change request There have been a couple really good, detailed answers to this issue. Do others on the list have no change controls to speak of? And if you do, what changes are people allowed to make without a requiring a formal process of review, approval and documentation? For those with clear policy guidance, would you be willing to share the details? For me, our policy says that the change request process is required for "any change that has a reasonable expectation of impacting customer service availability". In reality though, we go through the full process for any and all firewall rule changes, regardless the expected impact on service availability, like adding a host object to a group, then installing policy. We use a browser-based form in which we specify the changes to be made and their impact. This must receive the prior approval of at least one of seven IT supervisors, and at least one higher level IT manager. One of these supervises the firewall team, the other has authority over IT for a business unit that might be affected. Neither has more than rudimentary experience in or knowledge of firewalls or networking. The other five can sign off the change after the fact. (In reality, we first request permission to submit the request, from these same supervisors. The form doesn't get filled out until we've received their permission do it. We request permission to request permission to perform a change. The entire process can take up to a week.) They then specify when the change can be made. Some changes are made the same day during business hours, others wait until an after hours window opens, usually simply after 5:30 pm. In the case of one critical firewall cluster, there is only one window per month, a Tuesday between 4:00 am and 6:00 am. Dan Lynch, CISSP Information Technology Analyst County of Placer Auburn, CA ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442 f727d1 ------------------------------------------------------------------------ This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify Greater New Orleans Federal Credit Union. This message could contain confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. Email transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed or contain viruses. GNOFCU therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of email transmission. If verification is required, please request a hard-copy. ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- firewall change request marck e. (Feb 08)
- RE: firewall change request Bahrs, Art (Feb 09)
- RE: firewall change request Dan Lynch (Feb 20)
- RE: firewall change request Daniel Tran (Feb 20)
- <Possible follow-ups>
- Re: firewall change request kartik . netsec (Feb 08)
- Re: firewall change request wraith (Feb 12)
- Re: RE: firewall change request kartik . netsec (Feb 21)