Re: firewall rule lifecycle management
From: Skip Carter <skip () taygeta com>
Date: Tue, 30 Aug 2005 12:03:37 -0700
Question: What do those of you in large environments do to manage your
rulesets in terms of removing access that is no longer required? We get
lots of requests to add access, but are almost never told when
something can be removed. This is a large corporation with lots of
subcontractors, B2B, etc., and we're looking for ideas on how others
get a handle on this (or does anybody?).
We once provided an external firewall audit and, in reviewing the special
access rules such as those described above, we noticed that one remote
location had special access to Victoria's Secret (the client was
NOT any sort of retailer)! It turned out that the IP address once
belonged to a genuine business partner, who later gave up the address,
which ultimately ended up in the possession of Victoria's Secret.
They now use a formal written change control procedure to help
manage this problem. We will see how well that works next audit.
Perhaps periodic external review is the best way.
Dr. Everett (Skip) Carter
Taygeta Network Security Services
1340 Munras Ave., Suite 314
Monterey, CA 93940
Phone: 831-641-0645   FAX: 831-641-0647
email: skip () taygeta net
WWW: http://www.taygeta.net/
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
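The problem the post describes (special-access rules that outlive the business relationship, and an address that quietly changes hands) is one that a periodic review can catch mechanically if each rule carries a little metadata. The script below is an added example, not code from the list or from Taygeta; the rule fields (partner, owner, approval and expiry dates, last review date, recent hit count) and the partner address ranges are assumptions about what a change-control record would hold, and the sample rules are constructed. It flags rules whose approval has expired, whose review is overdue, that have not matched traffic recently, or whose remote address no longer falls inside the address ranges recorded for that partner, which is exactly the Victoria's Secret case.

```python
"""Periodic review of special-access firewall rules.

Assumed rule record: each rule is tagged with the partner it was
approved for, an owner, approval/expiry dates, the date of its last
review, and how often it matched traffic in the last 90 days.
"""
from dataclasses import dataclass
from datetime import date, timedelta
import ipaddress


@dataclass
class Rule:
    rule_id: str
    remote: str          # remote host or CIDR granted access
    partner: str         # business partner the access was approved for
    owner: str           # internal person accountable for the rule
    approved_on: date
    expires_on: date
    last_reviewed: date
    hits_last_90d: int   # matches seen in the last 90 days (from fw logs)


# Address ranges each partner has on record (constructed, RFC 5737 space).
PARTNER_PREFIXES = {
    "AcmeCo": ["203.0.113.0/24"],
    "OldVendor": ["198.51.100.0/24"],
}

# Constructed sample ruleset. fw-102 models the post's scenario: the
# partner gave up its address and the rule now points at a stranger.
SAMPLE_RULES = [
    Rule("fw-101", "203.0.113.0/24", "AcmeCo", "jdoe",
         date(2005, 1, 10), date(2006, 1, 10), date(2005, 6, 1), 412),
    Rule("fw-102", "192.0.2.55", "OldVendor", "asmith",
         date(2003, 3, 1), date(2004, 3, 1), date(2003, 3, 1), 17),
    Rule("fw-103", "203.0.113.40", "AcmeCo", "jdoe",
         date(2005, 2, 1), date(2005, 12, 31), date(2005, 4, 1), 0),
]


def review(rules, partner_prefixes, today, review_interval=timedelta(days=180)):
    """Return {rule_id: [reasons]} for every rule that needs attention."""
    findings = {}
    for r in rules:
        reasons = []
        if r.expires_on < today:
            reasons.append("approval expired")
        if today - r.last_reviewed > review_interval:
            reasons.append("review overdue")
        if r.hits_last_90d == 0:
            reasons.append("unused in last 90 days")
        # Has the remote address drifted outside the partner's known ranges?
        net = ipaddress.ip_network(r.remote, strict=False)
        known = [ipaddress.ip_network(p) for p in partner_prefixes.get(r.partner, [])]
        if not any(net.version == p.version and net.subnet_of(p) for p in known):
            reasons.append("address outside partner's registered ranges")
        if reasons:
            findings[r.rule_id] = reasons
    return findings


if __name__ == "__main__":
    for rule_id, reasons in review(SAMPLE_RULES, PARTNER_PREFIXES, date(2005, 8, 30)).items():
        print(f"{rule_id}: {'; '.join(reasons)}")
```

Run on the review date (2005-08-30 here) the report lists fw-102 as expired, overdue and pointing outside OldVendor's range, and fw-103 as unused; fw-101 is clean. Feeding the same records back into the change-control process gives the owner something concrete to confirm or retire, which is the piece the original question says is usually missing.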