Educause Security Discussion mailing list archives
Re: Firewall Rule Audit Software/Service
From: "Telfer, Will" <Will_Telfer () BAYLOR EDU>
Date: Mon, 13 Aug 2018 16:00:47 +0000
Yes, we have an established email address where any exceptions must be requested & then approved by a member of the security group (other than some pre-approved changes that are still posted but the changes are made without further approval being necessary). There are only two to three people that can actually make the firewall changes, but we have many more who request that changes be made. Our security group consists of 3 staff members & a supervisor (who is currently serving as our CIO as well, so that is spurring the change to make this process a bit less cumbersome). So the exception process is in place, we just don't have a good flow for audit currently.

Thank You,
Will Telfer, M.S.
Information Security Analyst
Information Technology Services
Twitter: @BearAware
Facebook: www.facebook.com/BearAware

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mandi Witkovsky
Sent: Monday, August 13, 2018 10:57 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Firewall Rule Audit Software/Service

Do you have a formal process that must be followed for an exception to be made? Our problem is that several people have legitimate access to make updates, but getting everyone to follow the same process is a challenge.

Thanks,
mandi

From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Simanovich, Roman
Sent: Monday, August 13, 2018 11:34 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Firewall Rule Audit Software/Service

An Excel spreadsheet works great for this, here are the columns I have in mine.

Sequence # | ID | From | To | Source | Destination | Service | Action | NAT/AV/WebFilter/AppControl/IPS/SSLInspection | Department | Description | Expiration

Thanks,
Roman

From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Mandi Witkovsky
Sent: Monday, August 13, 2018 11:15 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Firewall Rule Audit Software/Service

I'd love to hear the answer to this one. Even just learning how people tackle documenting and reviewing their rules would be beneficial.

Thanks,
mandi

From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Telfer, Will
Sent: Monday, August 13, 2018 11:11 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Firewall Rule Audit Software/Service

We are looking at updating our Firewall Rule Audit structure so that we check over all of our rules at least once a year to verify whether they still need to be in place. Since we have multiple groups & multiple firewalls, each with their own specific set of rules, the goal is to have some central structure where the audit can be recorded. Are any of you using a software or service that provides the ability for multiple users to log in & check off firewall rules? Please feel free to contact me off list if that is better for you.

Thank You,
Will Telfer, M.S.
Information Security Analyst
Information Technology Services
Twitter: @BearAware
Facebook: www.facebook.com/BearAware
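
Added example (not part of the thread and not any poster's own tooling): a small Python check over a CSV export of a rule spreadsheet like the one Roman describes, grouping rules whose Expiration has passed, is near, is blank, or is unreadable by Department so each group can review its own. The sample rows are constructed, the security-profile column is left out for brevity, and the ISO date format (YYYY-MM-DD) and 30-day warning window are assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import date, datetime, timedelta

# Constructed sample export using column names from the spreadsheet in the thread.
SAMPLE_CSV = """Sequence #,ID,From,To,Source,Destination,Service,Action,Department,Description,Expiration
1,101,dmz,inside,web-01,db-01,MySQL,ACCEPT,Registrar,Web app to database,2018-06-30
2,102,inside,outside,lab-net,all,HTTPS,ACCEPT,Biology,Lab instrument updates,2018-09-01
3,103,outside,dmz,all,vpn-gw,IPSEC,ACCEPT,ITS,Remote access VPN,
4,104,inside,dmz,admin-net,web-01,SSH,ACCEPT,ITS,Server administration,2019-08-13
5,105,inside,outside,kiosk-net,all,HTTP,ACCEPT,Library,Kiosk browsing,13/08/2019
"""

def classify(expiration, today, warn_days=30):
    """Return the review status for one rule's Expiration cell."""
    text = (expiration or "").strip()
    if not text:
        return "NO_EXPIRATION"      # rule was never given a review date
    try:
        expires = datetime.strptime(text, "%Y-%m-%d").date()  # assumed format
    except ValueError:
        return "BAD_DATE"           # unparseable cell: needs a human to fix it
    if expires < today:
        return "EXPIRED"
    if expires <= today + timedelta(days=warn_days):
        return "DUE_SOON"
    return "OK"

def audit(csv_text, today):
    """Group rules needing attention by Department: {dept: [(id, status, description)]}."""
    findings = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        status = classify(row.get("Expiration"), today)
        if status != "OK":
            findings[row["Department"]].append((row["ID"], status, row["Description"]))
    return dict(findings)

if __name__ == "__main__":
    for dept, rules in sorted(audit(SAMPLE_CSV, date(2018, 8, 13)).items()):
        print(dept)
        for rule_id, status, desc in rules:
            print(f"  rule {rule_id}: {status} ({desc})")
```
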
Current thread:
- Firewall Rule Audit Software/Service Telfer, Will (Aug 13)
- Re: Firewall Rule Audit Software/Service Mandi Witkovsky (Aug 13)
- Re: Firewall Rule Audit Software/Service Simanovich, Roman (Aug 13)
- Re: Firewall Rule Audit Software/Service Mandi Witkovsky (Aug 13)
- Re: Firewall Rule Audit Software/Service Telfer, Will (Aug 13)
- Re: Firewall Rule Audit Software/Service Simanovich, Roman (Aug 13)
- Re: Firewall Rule Audit Software/Service Frank Barton (Aug 13)
- Re: Firewall Rule Audit Software/Service Ronald King (Aug 16)
- Re: Firewall Rule Audit Software/Service Simanovich, Roman (Aug 13)
- Re: Firewall Rule Audit Software/Service Mandi Witkovsky (Aug 13)