RE: documenting the firewall

From: Gregory_DeGennaro@csaa.com
Date: 09/27/01


Message-ID: <97E963187BE1D211AF210008C7916094062C89DF@EXCHMO03>
From: Gregory_DeGennaro@csaa.com
To: pacifi3r@hotmail.com, security-basics@security-focus.com
Subject: RE: documenting the firewall
Date: Thu, 27 Sep 2001 09:26:08 -0700

Is this for execs or future/present firewall admins.

1. To start with, I would document what is blocked and/or permitted through
the firewall.
2. Update and upgrade information of the firewall.
3. Version number of the firewall software or IOS.
4. Information on specific IPs or subnets that had been blocked for
suspicious activity.
5. Any change made to the firewall by an administrator.
6. Statistics of suspicious activity for the execs.
7. Depending on the size of the hard drive or recording media, I would keep
logs of all traffic, both suspicious and normal traffic. This way, you can
monitor employees as well since they pose the highest threat to your
environment.

Greg

-----Original Message-----
From: Pacifier [mailto:pacifi3r@hotmail.com]
Sent: Wednesday, September 26, 2001 5:04 AM
To: Security Basics
Subject: documenting the firewall

Hi Gurus,
The company sec policy requires that we document the firewall. I would like
some pointers or sample docs created by the list if possible so that I can
see where to start and how the whole thing should look and what info it
should have.

Please can you help by pointing me to sites and sending sample docs.

Thanks a million!



Relevant Pages

  • RE: documenting the firewall
    ... Subject: documenting the firewall ... I would start by listing the firewall's rules and the rationale for each of ... firewall does to control each of them. ... Please can you help by pointing me to sites and sending sample docs. ...
    (Security-Basics)
  • documenting the firewall
    ... Subject: documenting the firewall ... The company sec policy requires that we document the firewall. ... some pointers or sample docs created by the list if possible so that I can ... Please can you help by pointing me to sites and sending sample docs. ...
    (Security-Basics)
  • RE: what should I do when....
    ... What you have done should have been to follow your internal procedure for ... this kind of "suspicious activity". ... firewall logs, from a specific ip based in Canada, the ...
    (Security-Basics)
  • Re: Smoothwall website hacked
    ... >> apache config (security is not ... Marcus best firewall will block any suspicious activity, ...
    (comp.os.linux.security)