Firewall Wizards mailing list archives

RE: Where do firewall Admins Sit in An Company


From: "Darren Bounds" <dbounds () intrusense com>
Date: Tue, 3 Jun 2003 10:38:51 -0700

Excellent point. Differentiating those two areas is key and yet it is
often difficult for larger organizations to do so. 

More often than not I see large enterprises battling over who controls
the firewalls. Network engineering says they're routers, Information
Security says they're access control devices, and upper management
swings back and forth. 

Some may say they're both correct. I don't think so. While it is true
that more often than not (some firewalls are bridging) firewall devices
route packets between networks, it is the underlying operating system
that is handling the direction of traffic and not the firewall software.
True, in some cases the line between operating system and firewall
software may be blurred, but it's still there. 

One good example is a Check Point firewall running on a Nokia device
running IPSO. Routing changes are made through the Voyager interface (a
web-based front end to the operating system) and the OS handles the
routing. The firewall sits atop the OS and hands the packets to the
kernel after it has inspected and handled them appropriately. It
doesn't care what interface the packet traverses; its only interest is
in whether the packet abides by the rules defined within its policy.

It may be difficult to see on other platforms (ie: Cisco PIX) but while
the OS and firewall may appear tightly integrated, there is still a very
distinct logical separation between the two.

 
Darren Bounds
Security Engineering
Intrusense Inc.
 
--
Intrusense - Securing Business As Usual




-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Bill
Royds
Sent: Monday, June 02, 2003 6:41 PM
To: firewall-wizards () honor icsalabs com; Tony Miedaner
Subject: Re: [fw-wiz] Where do firewall Admins Sit in An Company


You really have to differentiate between firewall administration and
firewall rule development, although often they will be the same in
smaller places. Firewall administration is part of operations, often
servers if you are looking at an application gateway running on a server
OS, or networking if it is an appliance or stateful inspection like a
PIX working more closely with the network. But the firewall policy and
rule development should be part of security, so that rules fit needs of
security policy, rather than the needs of operational efficiency. This
is also a good form of separation of duties by having at least two
independent reviews of the ruleset so both operational needs
(availability) and security needs are fulfilled.


----- Original Message ----- 
From: "Tony Miedaner" <miedaner () twcny rr com>
To: <firewall-wizards () honor icsalabs com>
Sent: Monday, June 02, 2003 7:38 AM
Subject: [fw-wiz] Where do firewall Admins Sit in An Company


: Hi All,
:
: A couple questions:
:
: 1. Typically what part of an organization do firewall administrators belong
: to in a large Enterprise (Example Networking, Server, Security)?
:
: 2. If the firewall administrators sit in a non-security group what type of
: oversight is typically performed over them?
:
:
: 3. If firewall administrators sit in a security group what type of
: oversight is done on them?
:
: TIA.
:
: _______________________________________________
: firewall-wizards mailing list
: firewall-wizards () honor icsalabs com
: http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
