Firewall Wizards mailing list archives
RE: Separate firewall administrator and firewall system administrator
From: Ron DuFresne <dufresne () winternet com>
Date: Fri, 14 Jun 2002 14:57:31 -0500 (CDT)
On Fri, 14 Jun 2002, Bill Royds wrote:
That's not a bad idea, since it follows separation of duties principles and allows experts to be working in their area of expertise. The main caveat is that there needs to be a change management procedure for any changes in either the firewall configuration or system configuration so that both administrators are confident that there is no conflict that could create risk. Your main concern as security administrator is that changes to OS configuration could create a vulnerable system holding your firewall. So you need to be aware of and have control of patches and all services running on the firewall platform. You don't want your box administrators putting in SNMP on the firewall, for example. But if they administrate what you specify, you now have two sets of eyes looking at things, lowering the risk of misconfiguration.
I don't know, I think I disagree, soon I fear the firewall will be running DNS, to save machines, and/or smtp, or worserer, httpd or something. Over-separation of IT/IS departments into little fiefdoms tends to layer in so many levels of administration and change management issues that changes that need to be done *now* take days or weeks to implement, and soon right hands don't know what left thumbs are doing or responsible for. Next thing you know, your IT/IS department starts to look and respond as poorly as the FBI did prior to 9/11...
Thanks,
Ron DuFresne
-----Original Message-----
From: firewall-wizards-admin () nfr com [mailto:firewall-wizards-admin () nfr com] On Behalf Of Joe Matusiewicz
Sent: Fri June 14 2002 11:58
To: firewalls () lists gnac net
Cc: firewall-wizards () nfr com
Subject: [fw-wiz] Separate firewall administrator and firewall system administrator
Greetings,
Management came up with this new proposal. Our firewalls should now have the operating system managed by the system administration group. The current firewall administrators should only handle the firewall software. I never heard of this before. Is there anyone out there doing this? Please feel free to comment on this idea.
-- Joe
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
--
Firewalls mailing list - [ firewalls () isc org ]
To unsubscribe: http://www.isc.org/services/public/lists/firewalls.html
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.