[fw-wiz] secure firewall rule management program

From: Mordechai T. Abzug (morty_at_frakir.org)
Date: 09/16/05

    To: firewall-wizards@honor.icsalabs.com
    Date: Thu, 15 Sep 2005 23:55:57 -0400
    
    

    Anyone have suggestions for a good, secure webified firewall rule
    management program? I.e., the kind of thing where users submit requests
    for firewall holes (for a swiss-cheese type firewall) and there's
    support for workflow so that a requested rule goes to an approver for
    approval, and if approved, it then goes to an implementor for
    implementation.

    Other requirements:

    * the system should include a notion of rule expiration, with
      attendant workflow

    * the system should support change requests to existing rules, with
      attendant workflow.

    * The ability to abstract users into departments or projects,
      i.e. instead of the rule for the accounting web server belonging to
      an individual, it belongs to "accounting". Even better if an
      individual can submit for multiple projects, i.e. a sysadmin who
      works for both accounting and marketing can annotate "this rule
      belongs to accounting" and the like.

    * Sane role/permissions scheme, i.e. user from department 1 can't
      modify rule requests for department 2, and the like.

    * Secure code! The firewall request system should not be a security
      hole.

    Desirements:

    * the ability to export rulesets into popular firewall formats

    * Free! (yeah, right)

    - Morty
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
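
The workflow and permission requirements listed in the message above, sketched as an added example (not part of the original post and not taken from any product). The state names, role names and the functions submit, amend, act and due_for_expiry are hypothetical choices made for illustration.

```python
from dataclasses import dataclass, field
from datetime import date

# (current state, action) -> (next state, role allowed to perform the action)
TRANSITIONS = {
    ("requested", "approve"): ("approved", "approver"),
    ("requested", "reject"): ("rejected", "approver"),
    ("approved", "implement"): ("implemented", "implementor"),
    ("implemented", "expire"): ("expired", "implementor"),
}

@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset
    departments: frozenset  # one person may act for several departments

@dataclass
class RuleRequest:
    department: str  # the rule belongs to a department, not an individual
    rule: str
    requested_by: str
    expires: date
    state: str = "requested"
    history: list = field(default_factory=list)  # audit trail of (user, action)

def submit(user, department, rule, expires):
    """Create a request; the submitter must belong to the owning department."""
    if department not in user.departments:
        raise PermissionError(f"{user.name} is not in {department}")
    return RuleRequest(department, rule, user.name, expires)

def amend(user, req, new_rule):
    # A change to an existing rule is a new request by the owning department,
    # so it passes through the same approval workflow as the original.
    return submit(user, req.department, new_rule, req.expires)

def act(user, req, action):
    """Apply a workflow action if the state allows it and the user holds the role."""
    if (req.state, action) not in TRANSITIONS:
        raise ValueError(f"cannot {action} a request in state {req.state}")
    next_state, role = TRANSITIONS[(req.state, action)]
    if role not in user.roles:
        raise PermissionError(f"{user.name} lacks role {role}")
    req.state = next_state
    req.history.append((user.name, action))

def due_for_expiry(requests, today):
    """Implemented rules whose expiry date has passed, for the expiration workflow."""
    return [r for r in requests if r.state == "implemented" and r.expires <= today]
```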

