Re: [fw-wiz] Where do firewall Admins Sit in An Company

• Previous message: Hilal Hussein: "RE: [fw-wiz] : unable to ping internet servers"
• In reply to: Bill Royds: "Re: [fw-wiz] Where do firewall Admins Sit in An Company"
• Next in thread: Mitch Pirtle: "Re: [fw-wiz] Where do firewall Admins Sit in An Company"
• Reply: Mitch Pirtle: "Re: [fw-wiz] Where do firewall Admins Sit in An Company"
• Reply: Bill Royds: "Re: [fw-wiz] Where do firewall Admins Sit in An Company"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: firewall-wizards@honor.icsalabs.com
Date: Tue, 03 Jun 2003 06:37:51 -0400

Thanks for the reply.

OK. Security develops policy and does approval of changes but where is
oversight?

Since obviously the networking and server folks do not wear a security hat,
at least that is not what they get pay raises for.

TIA

At 09:40 PM 6/2/2003 -0400, Bill Royds wrote:
>You really have to differentiate between firewall administration and
>firewall rule development, although often they will be the same in smaller
>places.
>Firewall administration is part of operations, often servers if you are
>looking at an application gateway running on a server OS, or networking if
>it is an appliance or stateful inspection like a PIX working more closely
>with the network.
>But the firewall policy and rule development should be part of security, so
>that rules fit needs of security policy, rather than the needs of
>operational efficiency. This is alos a good form of separation of duties by
>having at least two independent reviews of the ruleset so both operational
>needs (availability) and security needs are fulfilled.
>
>
>----- Original Message -----
>From: "Tony Miedaner" <miedaner@twcny.rr.com>
>To: <firewall-wizards@honor.icsalabs.com>
>Sent: Monday, June 02, 2003 7:38 AM
>Subject: [fw-wiz] Where do firewall Admins Sit in An Company
>
>
>: Hi All,
>:
>: A couple questions:
>:
>: 1. Typically what part of an organization do firewall administrators
>belong
>: to in a large Enterprise (Example Networking, Server, Security)?
>:
>: 2. If the firewall administrators sit in a non-security group what type of
>: oversight is typically performed over them.
>:
>:
>: 3. If firewall administrators sit in a security group what type of
>: oversight is done on them?
>:
>: TIA.
>:
>: _______________________________________________
>: firewall-wizards mailing list
>: firewall-wizards@honor.icsalabs.com
>: http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: Hilal Hussein: "RE: [fw-wiz] : unable to ping internet servers"
• In reply to: Bill Royds: "Re: [fw-wiz] Where do firewall Admins Sit in An Company"
• Next in thread: Mitch Pirtle: "Re: [fw-wiz] Where do firewall Admins Sit in An Company"
• Reply: Mitch Pirtle: "Re: [fw-wiz] Where do firewall Admins Sit in An Company"
• Reply: Bill Royds: "Re: [fw-wiz] Where do firewall Admins Sit in An Company"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]