Firewall Wizards mailing list archives
Fwd: firewall rule lifecycle management
From: Brenno Hiemstra <brenno.hiemstra () gmail com>
Date: Wed, 31 Aug 2005 14:51:55 +0200
Forgot to include the mailing list.

---------- Forwarded message ----------
From: Brenno Hiemstra <brenno.hiemstra () gmail com>
Date: Aug 31, 2005 11:06 AM
Subject: Re: [fw-wiz] firewall rule lifecycle management
To: Michael Cox <michael () wanderingbark net>

Michael,

We use a web-based solution where people need to supply their firewall rules. When they fill in the form they need to provide detailed information (source IP, destination IP, destination port, etcetera). This also needs to be validated by the firewall team.

When all the bureaucratic stuff is done, the rule gets a tracking number, which is also put into the firewall rulebase as 'more information'. This way you can always go back and track the rule to see what it was about.

Each rule has a lifecycle of 1 year, after which it needs to be re-validated by a responsible person. If that doesn't happen, or the user removed the rule in the system, the rule is removed from the firewall.

You also need to keep logging information so you can track how much the rule is being used. After a certain period of time (e.g. 3 months) you can think about removing the rule from the firewall.

Just a few options to think about.

Brenno.

On 8/30/05, Michael Cox <michael () wanderingbark net> wrote:
> Hi all.
>
> Question: What do those of you in large environments do to manage your
> rulesets in terms of removing access that is no longer required? We get
> lots of requests to add access, but are almost never told when something
> can be removed. This is a large corporation with lots of subcontractors,
> B2B, etc., and we're looking for ideas on how others get a handle on
> this (or does anybody?).
>
> Thanks in advance!
>
> Michael

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
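The lifecycle described in the message above (tracking number in the rule comment, yearly re-validation, removal of rules with no logged use), as an added example that is not part of the original post. The record layout, the field names and the `FW-` ticket format are assumptions, and the sample rulebase is constructed.

```python
import re
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

REVALIDATE_AFTER = timedelta(days=365)  # yearly re-validation
UNUSED_AFTER = timedelta(days=90)       # roughly the 3 months of logs
TICKET_RE = re.compile(r"\bFW-\d+\b")   # assumed tracking-number format

@dataclass
class Rule:
    rule_id: int
    comment: str               # rulebase "more information" field
    created: date
    last_validated: date       # from the request system
    last_hit: Optional[date]   # newest log entry for this rule, if any
    withdrawn: bool = False    # requester removed it in the request system

def audit(rules, today):
    """Return {rule_id: [reasons]} for rules that need action."""
    findings = {}
    for r in rules:
        reasons = []
        if not TICKET_RE.search(r.comment):
            reasons.append("no tracking number in comment")
        if r.withdrawn:
            reasons.append("request withdrawn: remove")
        elif today - r.last_validated > REVALIDATE_AFTER:
            reasons.append("re-validation overdue: remove")
        # Never-matched rules are measured from creation, so new rules are not flagged.
        if today - (r.last_hit or r.created) > UNUSED_AFTER:
            reasons.append("no logged use: removal candidate")
        if reasons:
            findings[r.rule_id] = reasons
    return findings

TODAY = date(2005, 8, 31)  # constructed "now" for the sample below
SAMPLE = [  # constructed rulebase export, not real data
    Rule(10, "FW-1042 partner SFTP", date(2005, 1, 10), date(2005, 1, 10), date(2005, 8, 30)),
    Rule(20, "FW-0877 contractor VPN", date(2004, 3, 1), date(2004, 6, 1), date(2005, 8, 1)),
    Rule(30, "temp access for migration", date(2005, 2, 1), date(2005, 2, 1), date(2005, 3, 15)),
    Rule(40, "FW-1101 reporting server", date(2005, 8, 15), date(2005, 8, 15), None),
    Rule(50, "FW-0990 vendor portal", date(2005, 4, 1), date(2005, 4, 1), date(2005, 8, 29), withdrawn=True),
]

def audit_sample():
    return audit(SAMPLE, TODAY)

if __name__ == "__main__":
    print(audit_sample())
```

Rules 20, 30 and 50 are reported; rule 40 has never matched but is only 16 days old, so it is left alone.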