Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

RE: firewall-wizards digest, Vol 1 #992 - 11 msgs

From: "clarke-cummings () columbus rr com" <clarke-cummings () columbus rr com>
Date: Tue, 3 Jun 2003 11:15:48 -0400
Tony,

As a consultant I have seen several different configurations.  

1.  The answer is: yes.  Every company is slightly different, often for bad
political reasons.  Most frequently my experience has been that the
firewall admins are in Networking, sometimes security is in networking
also, and the admin lives there.  I would like to see the person in the
security group, but maybe colocated.  I think the network group makes a lot
of sense, especially when you are looking at organizations that have a lot
of Cisco devices with PIX.

2.  When the admin is not part of the group security should be periodically
evaluating the rules and potentially signing off on changes.  At the least
they need to be notified when rule changes occur so that it can be tracked
against the corporate security policies (which everyone has, right?)

3.  I would think that the network group would need to be in the loop on
changes to the firewall rules by a security group based admin.  

No matter where the admin is the biggest thing is to have a security policy
that describes what the inside/outside communication rules are.  Then there
needs to be rules for adding/reviewing/updating the firewall.  Next, based
on the process figure out a communication schedule.  Firewall rule changes
can affect many people so always save the old config so you can restore it
if the changes fail.

Hope that helps.

Clarke 
cissp

Message: 4
Date: Mon, 02 Jun 2003 07:38:33 -0400
To: firewall-wizards () honor icsalabs com
From: Tony Miedaner <miedaner () twcny rr com>
Subject: [fw-wiz] Where do firewall Admins Sit in An Company

Hi All,

A couple questions:

1. Typically what part of an organization do firewall administrators belong 
to in a large Enterprise (Example Networking, Server, Security)?

2. If the firewall administrators sit in a non-security group what type of 
oversight is typically performed over them.


3. If firewall administrators sit in a security group what type of 
oversight is done on them?

TIA.




--------------------------------------------------------------------
mail2web - Check your email from the web at
http://mail2web.com/ .


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: