I'm not directly involved in the firewall for the corporation in my current postion, but as the Security Manager at my last employer, one of the things we did was set up a schedule of regular firewall reviews by a committee consisting of the firewall admin, the network admin and myself. We had a check list of the minimum requirements for the firewalls, including the bogons and a final deny all rule. It was a e-commerce software/hosting company, so we had over 30 firewalls we managed. Our entire IT department, including myself and the IT Director was 7 people, so you can guess this wasn't something people liked making time for, but it saved us a more than once when someone had made a mistake in the firewall configuration. I like the idea of an automatic update, but I think it's more important to have regular peer review of the firewall configuration. It's worked well for me in the past Martin Martin McKeay, CISSP, GSNA Cobia Product Evangelist StillSecure martin@xxxxxxxxxxxxxxx 707-495-7926 http://www.cobiablog.com -----Original Message----- From: Arnt Karlsen [mailto:arnt@xxxxxxx] Sent: Wednesday, June 13, 2007 11:26 AM To: Martin McKeay Cc: R. DuFresne; netfilter@xxxxxxxxxxxxxxxxxxx Subject: Re: ..prevention, was: syn DDoS attack solution On Wed, 13 Jun 2007 08:24:24 -0600, Martin wrote in message <5C9E8CCEEB81ED498AC0C3B0054704F302A8410E@xxxxxxxxxxxxxxxxx>: > It's manual at this point. The bogons aren't changing that often to > the best of my knowledge, maybe 3-4 times a year at most. ..rare enough to forgen't all about it then. Cron job? -- ..med vennlig hilsen = with Kind Regards from Arnt... ;o) ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case.
