RE: Separate firewall administrator and firewall system administrator

["Bill Royds" <lists () royds net>]

That's not a bad idea, since it follows separation of duties principles and allows experts to be working in their area 
of expertise.
 The main caveat is that there needs to be a change management procedure for any changes n either the firewall 
configuration or system configuration so that the both administrators are confident that there is no conflict that 
could create risk.
 Your main concern as security administrator is that changes to OS configuration could create a vulnerable system 
holding your firewall. So you need to be aware of  and have control of patches and all services running on the firewall 
platform. You don't want your box administrators putting in SNMP on the firewall, for example.
But if they administrate what you specify, you now have two sets of eyes looking at things, lowering the risk of 
misconfiguration.


-----Original Message-----
From: firewall-wizards-admin () nfr com
[mailto:firewall-wizards-admin () nfr com]On Behalf Of Joe Matusiewicz
Sent: Fri June 14 2002 11:58
To: firewalls () lists gnac net
Cc: firewall-wizards () nfr com
Subject: [fw-wiz] Separate firewall administrator and firewall system
administrator


Greetings,

Management came up with this new proposal.  Our firewalls should now have 
the operating system managed by the system administration group.  The 
current firewall administrators should only handle the firewall 
software.  I never heard of this before.  Is there anyone out there doing this?

Please feel free to comment on this idea.


-- Joe

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards