Firewall Wizards mailing list archives
Re: firewall rule lifecycle management
From: Kevin <kkadow () gmail com>
Date: Tue, 30 Aug 2005 23:44:04 -0500
On 8/30/05, Michael Cox <michael () wanderingbark net> wrote:
Question: What do those of you in large environments do to manage your rulesets in terms of removing access that is no longer required?
This can be a real problem, especially for services which are only used for quarterly or biannual reports, if that often. We're just now migrating a number of B2B rules to new firewalls, and in this process we're discovering that fully half of the current rules are no longer used; in many cases the source or destination IP address no longer exists, and often the employee listed as the contact on the original request is no longer with the company. Last week I was trying to track down a port and determined that the vendor offering the B2B service had been bought out and no longer exists under the original name. But the service is still running; I wonder if they know? (Legacy firewall policies cut both ways!)
We get lots of requests to add access, but are almost never told when something can be removed. This is a large corporation with lots of subcontractors, B2B, etc., and we're looking for ideas on how others get a handle on this (or does anybody?).
Our Sidewinder G2 firewalls offer fields for an end time and date under the "authentication" settings for each rule, and we are starting to request a termination date for all "short term" requests and entering this into the firewall. The vendor also offers an add-on reporting tool which can provide rule-based reports showing unused rules in the active firewall policy. I haven't tried this yet, as the "Security Reporter" only runs on Windows. It should be interesting to see what happens six months down the road, when these rules start to expire...

Kevin Kadow
--
Moderator, Unofficial Sidewinder Firewall Users group: http://groups.yahoo.com/group/sidewinder-users/

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
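The approach Kevin describes (a termination date recorded per rule, plus a report of rules that no longer match traffic, plus checking whether the listed contact still exists) can be scripted against any ruleset export. The following is an added example written for this archive page, not code from the thread or from the Sidewinder product; the rule fields (`expires`, `last_hit`, `contact`), the staff directory and the sample rules are all constructed, and a real export would carry different field names.

```python
"""Firewall rule lifecycle review: flag expired, unused and orphaned rules.

Added example, not from the mailing-list thread. The rule schema below is
hypothetical; map your firewall's own export (hit counters, last-match
timestamps, request metadata) onto these fields.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional


@dataclass
class Rule:
    name: str
    src: str
    dst: str
    port: int
    contact: str              # requester recorded at change time; "" if unknown
    expires: Optional[date]   # termination date entered when the rule was requested
    last_hit: Optional[date]  # last day the rule matched traffic; None = never


# Constructed list of current employees (stands in for an HR/directory lookup).
ACTIVE_STAFF = {"alice", "bob"}

# Constructed sample ruleset (documentation/test addresses only).
RULES = [
    Rule("b2b-vendor-a", "10.1.1.5", "203.0.113.10", 443, "alice",
         date(2005, 12, 31), date(2005, 8, 29)),
    Rule("quarterly-report", "10.2.0.7", "198.51.100.20", 1521, "bob",
         None, date(2005, 6, 1)),
    Rule("old-contractor", "10.3.3.3", "192.0.2.44", 22, "carol",
         date(2005, 3, 1), None),
    Rule("orphan", "10.4.4.4", "192.0.2.9", 80, "",
         None, date(2005, 8, 30)),
]


def review(rules: List[Rule], today: date,
           unused_after_days: int = 90) -> Dict[str, List[str]]:
    """Classify rules into the three lifecycle problems the thread raises.

    expired  - the recorded termination date has passed
    unused   - no traffic matched within unused_after_days (or ever)
    orphaned - no contact, or the contact is no longer with the company
    A rule may appear in more than one category.
    """
    findings: Dict[str, List[str]] = {"expired": [], "unused": [], "orphaned": []}
    stale_before = today - timedelta(days=unused_after_days)
    for r in rules:
        if r.expires is not None and r.expires < today:
            findings["expired"].append(r.name)
        if r.last_hit is None or r.last_hit < stale_before:
            findings["unused"].append(r.name)
        if not r.contact or r.contact not in ACTIVE_STAFF:
            findings["orphaned"].append(r.name)
    return findings


def format_report(findings: Dict[str, List[str]]) -> str:
    """Render findings as a plain-text report for the change-review meeting."""
    lines = []
    for category, names in findings.items():
        lines.append(f"{category} ({len(names)}):")
        lines.extend(f"  - {n}" for n in names)
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(review(RULES, date(2005, 8, 31))))
```

The `unused_after_days` window is the caveat Kevin opens with: a rule that only carries quarterly or biannual report traffic will show as unused under a 90-day window, so the window has to be at least as long as the longest legitimate usage cycle (or the report treated as a "disable and watch" list rather than a delete list). Run with the constructed data, the 90-day review flags `old-contractor` as expired, `quarterly-report` and `old-contractor` as unused, and `old-contractor` and `orphan` as orphaned; widening the window to 180 days clears `quarterly-report`.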
Current thread:
- firewall rule lifecycle management Michael Cox (Aug 30)
- RE: firewall rule lifecycle management Bruce Smith (Aug 31)
- Re: firewall rule lifecycle management Martin (Aug 31)
- Re: firewall rule lifecycle management Victor Williams (Aug 31)
- Re: firewall rule lifecycle management Martin (Aug 31)
- Re: firewall rule lifecycle management Skip Carter (Aug 31)
- Re: firewall rule lifecycle management Joe Matusiewicz (Aug 31)
- Re: firewall rule lifecycle management Kevin (Aug 31)
- Re: firewall rule lifecycle management Christoph Haas (Aug 31)
- <Possible follow-ups>
- Fwd: firewall rule lifecycle management Brenno Hiemstra (Aug 31)
- RE: firewall rule lifecycle management Bruce Smith (Aug 31)