Educause Security Discussion mailing list archives

Re: Firewall Rule Audit Software/Service


From: "Simanovich, Roman" <rsimanovich () USJ EDU>
Date: Mon, 13 Aug 2018 17:41:34 +0000

A formal change control policy/process is the best security control for managing authorized administrator changes. I 
also have a script that runs daily and notifies me of any changes to the firewall config; this can easily be modified 
to notify the entire team whenever any configuration item is changed.

Thanks,
Roman

From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Mandi Witkovsky
Sent: Monday, August 13, 2018 11:57 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Firewall Rule Audit Software/Service

Do you have a formal process that must be followed for an exception to be made?  Our problem is that several people 
have legitimate access to make updates, but getting everyone to follow the same process is a challenge.

Thanks,
mandi

From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Simanovich, Roman
Sent: Monday, August 13, 2018 11:34 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Firewall Rule Audit Software/Service

An Excel spreadsheet works great for this; here are the columns I have in mine.

Sequence #
ID
From
To
Source
Destination
Service
Action
NAT/AV/WebFilter/AppControl/IPS/SSLInspection
Department
Description
Expiration



Thanks,
Roman
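
Added example (not part of the original message, and not the poster's own spreadsheet or script): one way to run a periodic review over such an inventory exported to CSV with the columns listed above, flagging rules that are expired or that lack a department, description or expiration. The sample rows, the YYYY-MM-DD date format and the "never" value are assumptions, and the NAT/AV/... column is left out for brevity.

```python
import csv
import io
from datetime import date, datetime

# Constructed sample inventory using column names from the message above.
# Rule values, departments and dates are made up for illustration.
SAMPLE_CSV = """Sequence #,ID,From,To,Source,Destination,Service,Action,Department,Description,Expiration
1,101,inside,outside,10.1.0.0/16,any,HTTPS,accept,ITS,Campus web egress,2030-01-01
2,102,outside,dmz,any,192.0.2.10,HTTPS,accept,Library,Catalog server,2018-06-30
3,103,inside,dmz,10.2.5.0/24,192.0.2.20,SSH,accept,,,
4,104,outside,inside,any,any,ALL,deny,ITS,Default deny,never
"""

# Columns that must be filled in so a reviewer knows who owns the rule and why.
REQUIRED = ("Department", "Description")

def parse_expiration(value):
    """Return a date, None for an explicit 'never' (assumed convention),
    or raise ValueError if the value is not YYYY-MM-DD."""
    value = value.strip()
    if value.lower() == "never":
        return None
    return datetime.strptime(value, "%Y-%m-%d").date()

def audit_rules(csv_text, today):
    """Return {rule ID: [findings]} for rules that need reviewer attention."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        issues = [f"missing {col}" for col in REQUIRED
                  if not (row.get(col) or "").strip()]
        raw = (row.get("Expiration") or "").strip()
        if not raw:
            issues.append("no Expiration recorded")
        else:
            try:
                exp = parse_expiration(raw)
                if exp is not None and exp < today:
                    issues.append(f"expired {exp.isoformat()}")
            except ValueError:
                issues.append(f"unparseable Expiration {raw!r}")
        if issues:
            findings[row["ID"]] = issues
    return findings

if __name__ == "__main__":
    for rule_id, issues in audit_rules(SAMPLE_CSV, date(2018, 8, 13)).items():
        print(f"rule {rule_id}: {'; '.join(issues)}")
```
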

From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Mandi Witkovsky
Sent: Monday, August 13, 2018 11:15 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Firewall Rule Audit Software/Service

I'd love to hear the answer to this one.  Even just learning how people tackle documenting and reviewing their rules 
would be beneficial.

Thanks,
mandi



From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Telfer, Will
Sent: Monday, August 13, 2018 11:11 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Firewall Rule Audit Software/Service

We are looking at updating our Firewall Rule Audit structure so that we check over all of our rules at least once a 
year to verify whether they still need to be in place. Since we have multiple groups & multiple firewalls, each with 
their own specific set of rules, the goal is to have some central structure where the audit can be recorded. Are any of 
you using a software or service that provides the ability for multiple users to log in & check off firewall rules? 
Please feel free to contact me off list if that is better for you.

Thank You,
Will Telfer, M.S.
Information Security Analyst
Information Technology Services
Twitter: @BearAware
Facebook: www.facebook.com/BearAware


