Educause Security Discussion mailing list archives

Re: Firewall Rule Audit Software/Service


From: "Telfer, Will" <Will_Telfer () BAYLOR EDU>
Date: Mon, 13 Aug 2018 16:00:47 +0000

Yes, we have an established email address where any exceptions must be requested & then approved by a member of the 
security group (other than some pre-approved changes that are still posted but the changes are made without further 
approval being necessary). There are only two to three people that can actually make the firewall changes, but we have 
many more who request that changes be made.  Our security group consists of 3 staff members & a supervisor (who is 
currently serving as our CIO as well, so that is spurring the change to make this process a bit less cumbersome). So 
the exception process is in place, we just don't have a good flow for audit currently.

Thank You,
Will Telfer, M.S.
Information Security Analyst
Information Technology Services
Twitter: @BearAware
Facebook: www.facebook.com/BearAware


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mandi 
Witkovsky
Sent: Monday, August 13, 2018 10:57 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Firewall Rule Audit Software/Service

Do you have a formal process that must be followed for an exception to be made?  Our problem is that several people 
have legitimate access to make updates - but getting everyone to follow the same process is a challenge.

Thanks,
mandi

From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Simanovich, Roman
Sent: Monday, August 13, 2018 11:34 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Firewall Rule Audit Software/Service

An Excel spreadsheet works great for this; here are the columns I have in mine.

Sequence #
ID
From
To
Source
Destination
Service
Action
NAT/AV/WebFilter/AppControl/IPS/SSLInspection
Department
Description
Expiration



Thanks,
Roman
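
An added example, not part of the original thread or any poster's own tooling: a short Python check over a CSV export of a spreadsheet with the columns listed above, grouping rules that are expired or undocumented by department so each group gets its own review list. The CSV export, the ISO `YYYY-MM-DD` format for Expiration, the `UNASSIGNED` bucket and all sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import date, datetime

# Column names follow the spreadsheet layout in the message above.
# Assumption: every rule should name an owner, a purpose and an expiry.
REQUIRED = ("Department", "Description", "Expiration")

# Constructed sample export (not real rules); the NAT/AV/... column is
# left out for brevity.
SAMPLE = """Sequence #,ID,From,To,Source,Destination,Service,Action,Department,Description,Expiration
1,101,inside,dmz,10.0.1.0/24,10.0.9.10,HTTPS,accept,Library,Catalog server access,2019-06-30
2,102,outside,dmz,all,10.0.9.20,SSH,accept,,Vendor support,2018-07-01
3,103,inside,outside,10.0.2.5,all,ALL,accept,Research,,
4,104,dmz,inside,10.0.9.10,10.0.3.7,MSSQL,accept,Registrar,Reporting DB,08/2019
"""

def audit_rules(csv_text, today):
    """Return {department: [(rule ID, [findings])]} for rules needing review."""
    by_dept = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        issues = [f"missing {c}" for c in REQUIRED
                  if not (row.get(c) or "").strip()]
        exp = (row.get("Expiration") or "").strip()
        if exp:
            try:
                if datetime.strptime(exp, "%Y-%m-%d").date() < today:
                    issues.append(f"expired {exp}")
            except ValueError:
                # A date nobody can parse cannot be enforced either.
                issues.append(f"unparseable Expiration {exp!r}")
        if issues:
            # Rules with no owner go to a catch-all bucket for the security group.
            dept = (row.get("Department") or "").strip() or "UNASSIGNED"
            by_dept[dept].append((row["ID"], issues))
    return dict(by_dept)

if __name__ == "__main__":
    for dept, rules in audit_rules(SAMPLE, date(2018, 8, 13)).items():
        for rule_id, issues in rules:
            print(f"{dept}: rule {rule_id}: {'; '.join(issues)}")
```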

From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Mandi Witkovsky
Sent: Monday, August 13, 2018 11:15 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Firewall Rule Audit Software/Service

I'd love to hear the answer to this one.  Even just learning how people tackle documenting and reviewing their rules 
would be beneficial.

Thanks,
mandi



From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Telfer, Will
Sent: Monday, August 13, 2018 11:11 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Firewall Rule Audit Software/Service

We are looking at updating our Firewall Rule Audit structure so that we check over all of our rules at least once a 
year to verify whether they still need to be in place. Since we have multiple groups & multiple firewalls, each with 
their own specific set of rules, the goal is to have some central structure where the audit can be recorded. Are any of 
you using a software or service that provides the ability for multiple users to log in & check off firewall rules? 
Please feel free to contact me off list if that is better for you.

Thank You,
Will Telfer, M.S.
Information Security Analyst
Information Technology Services
Twitter: @BearAware
Facebook: www.facebook.com/BearAware


