-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, 13 Jun 2007, Martin McKeay wrote:
I'm not directly involved in the firewall for the corporation in my
current postion, but as the Security Manager at my last employer, one of
the things we did was set up a schedule of regular firewall reviews by a
committee consisting of the firewall admin, the network admin and
myself. We had a check list of the minimum requirements for the
firewalls, including the bogons and a final deny all rule. It was a
e-commerce software/hosting company, so we had over 30 firewalls we
managed. Our entire IT department, including myself and the IT Director
was 7 people, so you can guess this wasn't something people liked making
time for, but it saved us a more than once when someone had made a
mistake in the firewall configuration.
I like the idea of an automatic update, but I think it's more important
to have regular peer review of the firewall configuration. It's worked
well for me in the past
That's kinda a lame cop-out for not wanting to update your online
documentation and work up some scripts to accompany it. Such a review
does not have to negate an automated function to deall with blocking bogon
blocks nor spam controls. And automating such tasks is a good way to make
sure rules and info are uptodate and currnet, even prior to a review.
Thanks,
Ron DuFresne
- --
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629
...We waste time looking for the perfect lover
instead of creating the perfect love.
-Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFGcZp1st+vzJSwZikRAuv+AKDRGgGHaO010LFNxEqB5lYQoFzY4QCdEA4L
5QXNf/5/W6UUAyGLgH7O7+M=
=uzzl
-----END PGP SIGNATURE-----
