[fw-wiz] secure firewall rule management program
From: Mordechai T. Abzug (morty_at_frakir.org)
Date: 09/16/05
- Previous message: Mike Bydalek: "[fw-wiz] Different Authentication For vpngroups On PIX"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: firewall-wizards@honor.icsalabs.com Date: Thu, 15 Sep 2005 23:55:57 -0400
Anyone have suggestions for a good, secure webified firewall rule
management program? Ie. the kind of thing where users submit requests
for firewall holes (for a swiss-cheese type firewall) and there's
support for workflow so that a requested rule goes to an approver for
approval, and if approved, it then goes to an implementor for
implementation.
Other requirements:
* the system should include a notion of rule expiration, with
attendant workflow
* the system should support change requests to existing rules, with
attendant workflow.
* The ability to abstract users into departments or projects,
ie. instead of the rule for the accounting web server belonging to
an individual, it belongs to "accounting". Even better if an
individual can submit for multiple projects, ie. a sysadmin who
works for both accounting and marketing can annotate "this rule
belongs to accounting" and the like.
* Sane role/permissions scheme, ie. user from department 1 can't
modify rule requests for department 2, and the like.
* Secure code! The firewall request system should not be a security
hole.
Desirements:
* the ability to export rulesets into popular firewall formats
* Free! (yeah, right)
- Morty
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Mike Bydalek: "[fw-wiz] Different Authentication For vpngroups On PIX"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
