Educause Security Discussion mailing list archives
Re: Firewall Rule Audit Software/Service
From: Frank Barton <bartonf () HUSSON EDU>
Date: Mon, 13 Aug 2018 13:52:29 -0400
Roman, we have something similar... RANCID checks our configs hourly, and emails the entire itsec team of any changes

Frank

On Mon, Aug 13, 2018 at 1:41 PM, Simanovich, Roman <rsimanovich () usj edu> wrote:

A formal change control policy/process is the best security control for managing authorized administrator changes. I also have a script that runs daily and notifies me of any changes to the firewall config; this can easily be modified to notify the entire team whenever any configuration item is changed.

Thanks,
Roman

*From:* The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of* Mandi Witkovsky
*Sent:* Monday, August 13, 2018 11:57 AM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* Re: [SECURITY] Firewall Rule Audit Software/Service

Do you have a formal process that must be followed for an exception to be made? Our problem is that several people have legitimate access to make updates—but getting everyone to follow the same process is a challenge.

Thanks,
mandi

*From:* The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of* Simanovich, Roman
*Sent:* Monday, August 13, 2018 11:34 AM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* Re: [SECURITY] Firewall Rule Audit Software/Service

An Excel spreadsheet works great for this; here are the columns I have in mine.

Sequence # ID From To Source Destination Service Action NAT/AV/WebFilter/AppControl/IPS/SSLInspection Department Description Expiration

Thanks,
Roman

*From:* The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of* Mandi Witkovsky
*Sent:* Monday, August 13, 2018 11:15 AM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* Re: [SECURITY] Firewall Rule Audit Software/Service

I’d love to hear the answer to this one. Even just learning how people tackle documenting and reviewing their rules would be beneficial.

Thanks,
mandi

*From:* The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of* Telfer, Will
*Sent:* Monday, August 13, 2018 11:11 AM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* [SECURITY] Firewall Rule Audit Software/Service

We are looking at updating our Firewall Rule Audit structure so that we check over all of our rules at least once a year to verify whether they still need to be in place. Since we have multiple groups & multiple firewalls, each with their own specific set of rules, the goal is to have some central structure where the audit can be recorded.

Are any of you using a software or service that provides the ability for multiple users to log in & check off firewall rules?

Please feel free to contact me off list if that is better for you.

Thank You,

Will Telfer, M.S.
Information Security Analyst
Information Technology Services
Twitter: @BearAware
Facebook: www.facebook.com/BearAware

--
Frank Barton, MBA
Security+, ACMT, MCP
IT Systems Administrator
Husson University
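
Added example, not part of any message in this thread: a sketch of how a rule inventory with the spreadsheet columns listed above could be checked automatically for expired rules and missing owner fields. The CSV export, the split of the header into column names, the YYYY-MM-DD date format, the 30-day warning window and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from datetime import date, datetime

# Column names follow the spreadsheet layout listed in the thread (assumed split).
COLUMNS = ["Sequence #", "ID", "From", "To", "Source", "Destination", "Service",
           "Action", "NAT/AV/WebFilter/AppControl/IPS/SSLInspection",
           "Department", "Description", "Expiration"]

# Constructed sample inventory (not real rules); dates assumed to be YYYY-MM-DD.
SAMPLE_CSV = """\
Sequence #,ID,From,To,Source,Destination,Service,Action,NAT/AV/WebFilter/AppControl/IPS/SSLInspection,Department,Description,Expiration
1,101,lan,wan,10.0.5.0/24,any,HTTPS,accept,AV,Library,Catalog kiosks outbound,2019-06-30
2,102,wan,dmz,any,192.0.2.10,SSH,accept,IPS,,Vendor support access,2018-07-31
3,103,lan,dmz,10.0.8.0/24,192.0.2.20,SQL,accept,,Registrar,,
4,104,lan,wan,10.0.9.0/24,any,HTTP,accept,WebFilter,ITS,Conference guest network,2018-08-23
"""

def audit_rules(csv_text, today, warn_days=30):
    """Return a list of (rule_id, finding) for rows needing reviewer attention."""
    findings = []
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = [c for c in COLUMNS if c not in (reader.fieldnames or [])]
    if missing:
        raise ValueError(f"inventory is missing columns: {missing}")
    for row in reader:
        rule_id = (row["ID"] or "").strip()
        # A rule nobody owns or can explain is the first candidate for removal.
        for col in ("Department", "Description"):
            if not (row[col] or "").strip():
                findings.append((rule_id, f"no {col.lower()} recorded"))
        exp = (row["Expiration"] or "").strip()
        if not exp:
            findings.append((rule_id, "no expiration set"))
            continue
        try:
            exp_date = datetime.strptime(exp, "%Y-%m-%d").date()
        except ValueError:
            findings.append((rule_id, f"unparseable expiration {exp!r}"))
            continue
        days_left = (exp_date - today).days
        if days_left < 0:
            findings.append((rule_id, f"expired {-days_left} days ago"))
        elif days_left <= warn_days:
            findings.append((rule_id, f"expires in {days_left} days"))
    return findings

if __name__ == "__main__":
    for rule_id, finding in audit_rules(SAMPLE_CSV, date(2018, 8, 13)):
        print(f"rule {rule_id}: {finding}")
```

Run on a schedule against each firewall group's export, the findings list gives reviewers a short worklist instead of the full rule base.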
Current thread:
- Firewall Rule Audit Software/Service Telfer, Will (Aug 13)
- Re: Firewall Rule Audit Software/Service Mandi Witkovsky (Aug 13)
- Re: Firewall Rule Audit Software/Service Simanovich, Roman (Aug 13)
- Re: Firewall Rule Audit Software/Service Mandi Witkovsky (Aug 13)
- Re: Firewall Rule Audit Software/Service Telfer, Will (Aug 13)
- Re: Firewall Rule Audit Software/Service Simanovich, Roman (Aug 13)
- Re: Firewall Rule Audit Software/Service Frank Barton (Aug 13)
- Re: Firewall Rule Audit Software/Service Ronald King (Aug 16)
- Re: Firewall Rule Audit Software/Service Simanovich, Roman (Aug 13)
- Re: Firewall Rule Audit Software/Service Mandi Witkovsky (Aug 13)