Re: firewall change request

[wraith () digitaloverdrive org]

Hello,

You could have an approval team set up as follows:

1. Manager over the resources/hosts being accessed (ie: server team). This person will look at the form and provide 
oversight as to whether or not access is needed. This person would be the most familiar with the hosts and applications 
running on them.

2. Manager of the networking team (if not the same resource as above). This person would have the knowledge of the 
network topology and know if the request makes sense or if another solution needs to be architected.

3. A security/network administrator from the team performing the firewall change, but not the actual person performing 
the task. This is just as a sanity check to make sure that nothing was missed on the technical level. This team should 
have the most knowledge and be in contact with the CISO and/or his team for questions, exceptions, etc.

Proper education from the top (CISO, etc.) as to what is acceptable traffic and access would have to be put into place 
and communicated throughout the chain as well.

Nothing is mentioned about PCI, etc., but just to be sure, the person requesting the change should not be on the 
approvers list.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------