Re: [fw-wiz] firewall rule lifecycle management

From: Skip Carter (skip_at_taygeta.com)
Date: 08/30/05

  • Next message: Joe Matusiewicz: "Re: [fw-wiz] firewall rule lifecycle management"
    To: firewall-wizards@honor.icsalabs.com
    Date: Tue, 30 Aug 2005 12:03:37 -0700
    
    

    > Question: What do those of you in large environments do to manage your
    > rulesets in terms of removing access that is no longer required? We get
    > lots of requests to add access, but are almost never told when
    > something can be removed. This is a large corporation with lots of
    > subcontractors, B2B, etc., and we're looking for ideas on how others
    > get a handle on this (or does anybody?).

    We once provided an external firewall audit and, in reviewing the special
    access rules such as those described above, we noticed that one remote
    location had special access to Victoria's Secret (the client was
    NOT any sort of retailer)! It turned out that the IP address once
    belonged to a genuine business partner, who later gave up the address,
    which ultimately ended up in the possession of Victoria's Secret.

    They now use a formal written change control procedure to help
    manage this problem. We will see how well that works next audit.

    Perhaps periodic external review is the best way.

    Skip

    -- 
     Dr. Everett (Skip) Carter           Phone: 831-641-0645 FAX:  831-641-0647
     Taygeta Network Security Services   email: skip@taygeta.net
     1340 Munras Ave., Suite 314         WWW: http://www.taygeta.net/
     Monterey, CA. 93940            
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
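The periodic review Skip recommends can be partly automated if each exception rule is tracked with some lifecycle metadata. The following is an added example, not part of the original post or of any list member's code; it assumes that every rule is recorded with a business owner, an expiry or review date agreed at creation, and a last-match timestamp exported from the firewall's hit counters (all hypothetical fields that the change-control process must capture), and it flags rules whose justification should be re-confirmed with the requester. The sample rules are constructed to show the cases discussed in the thread: a rule nobody owns any more, and a rule that was never given an expiry.

```python
"""Stale-rule review: flag firewall exceptions whose business justification may have lapsed."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional


@dataclass
class Rule:
    rule_id: str
    src: str                   # source host or network
    dst: str                   # destination host or network
    service: str               # e.g. "tcp/443"
    owner: str                 # business contact who requested the access ("" if unknown)
    created: date
    expires: Optional[date]    # review/expiry date agreed at creation, None if never set
    last_hit: Optional[date]   # last time the rule matched traffic, None if never


def review_rules(rules: List[Rule], today: date,
                 idle_days: int = 90, max_age_days: int = 365) -> Dict[str, List[str]]:
    """Return {rule_id: [findings]} for every rule that needs re-justification.

    A rule is reported when it has no recorded owner, has no or a past expiry date,
    has not matched traffic within idle_days, or has lived longer than max_age_days
    without any review date ever being set.
    """
    findings: Dict[str, List[str]] = {}
    for r in rules:
        issues: List[str] = []
        if not r.owner:
            issues.append("no owner recorded")
        if r.expires is None:
            issues.append("no expiry date")
        elif r.expires <= today:
            issues.append("expired")
        if r.last_hit is None:
            # Give a brand-new rule the idle window before calling it unused.
            if today - r.created > timedelta(days=idle_days):
                issues.append("never matched")
        elif today - r.last_hit > timedelta(days=idle_days):
            issues.append(f"idle > {idle_days} days")
        if r.expires is None and today - r.created > timedelta(days=max_age_days):
            issues.append(f"older than {max_age_days} days without review")
        if issues:
            findings[r.rule_id] = issues
    return findings


# Constructed sample rule set (addresses, owners and dates are invented).
SAMPLE_RULES = [
    Rule("R1", "10.1.2.0/24", "192.0.2.10", "tcp/443", "J. Doe",
         date(2005, 6, 1), date(2005, 12, 1), date(2005, 8, 29)),
    Rule("R2", "10.1.3.5", "198.51.100.7", "tcp/22", "",
         date(2003, 1, 15), None, date(2005, 8, 28)),
    Rule("R3", "10.1.4.0/24", "203.0.113.20", "tcp/1433", "A. Smith",
         date(2005, 1, 10), date(2005, 7, 1), date(2005, 3, 2)),
    Rule("R4", "10.1.5.9", "192.0.2.44", "tcp/443", "B. Lee",
         date(2005, 8, 20), date(2006, 2, 20), None),
]


if __name__ == "__main__":
    for rule_id, issues in review_rules(SAMPLE_RULES, date(2005, 8, 30)).items():
        print(f"{rule_id}: {'; '.join(issues)}")
```

Rule R2 is the case from the audit story: still matching traffic, so hit counters alone would never retire it, but with no owner and no expiry it is exactly the rule whose far end may have changed hands. Run against the real rule base, the report becomes the list of requesters to contact before each review, rather than a list of rules to delete blindly.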
    
