Firewall Wizards mailing list archives

Re: firewall rule lifecycle management
From: Skip Carter <skip () taygeta com>
Date: Tue, 30 Aug 2005 12:03:37 -0700

Question: What do those of you in large environments do to manage your 
rulesets in terms of removing access that is no longer required? We get 
lots of requests to add access, but are almost never told when 
something can be removed. This is a large corporation with lots of 
subcontractors, B2B, etc., and we're looking for ideas on how others 
get a handle on this (or does anybody?).

We once provided an external firewall audit and, in reviewing the special
access rules such as those described above, we noticed that one remote
location had special access to Victoria's Secret (the client was
NOT any sort of retailer)!  It turned out that the IP address once
belonged to a genuine business partner, who later gave up the address
which ultimately ended up in the possession of Victoria's Secret.

They now use a formal written change control procedure to help
manage this problem.  We will see how well that works next audit.

Perhaps periodic external review is the best way.


 Dr. Everett (Skip) Carter           Phone: 831-641-0645 FAX:  831-641-0647
 Taygeta Network Security Services   email: skip () taygeta net
 1340 Munras Ave., Suite 314         WWW: http://www.taygeta.net/
 Monterey, CA. 93940            

firewall-wizards mailing list
firewall-wizards () honor icsalabs com
