RE: documenting the firewall

From: Gregory_DeGennaro@csaa.com
Date: 09/27/01


Message-ID: <97E963187BE1D211AF210008C7916094062C89DF@EXCHMO03>
From: Gregory_DeGennaro@csaa.com
To: pacifi3r@hotmail.com, security-basics@security-focus.com
Subject: RE: documenting the firewall
Date: Thu, 27 Sep 2001 09:26:08 -0700

Is this for execs or future/present firewall admins.

1. To start with, I would document what is blocked and/or permitted through
the firewall.
2. Update and upgrade information of the firewall.
3. Version number of the firewall software or IOS.
4. Information on specific IPs or subnets that had been blocked for
suspicious activity.
5. Any change made to the firewall by an administrator.
6. Statistics of suspicious activity for the execs.
7. Depending on the size of the hard drive or recording media, I would keep
logs of all traffic, both suspicious and normal traffic. This way, you can
monitor employees as well since they pose the highest threat to your
environment.

Greg

-----Original Message-----
From: Pacifier [mailto:pacifi3r@hotmail.com]
Sent: Wednesday, September 26, 2001 5:04 AM
To: Security Basics
Subject: documenting the firewall

Hi Gurus,
The company sec policy requires that we document the firewall. I would like
some pointers or sample docs created by the list if possible so that I can
see where to start and how the whole thing should look and what info it
should have.

Please can you help by pointing me to sites and sending sample docs.

Thanks a million!