

Firewall Access Privileges


Privileges to modify the firewall configuration (rule base) must be restricted to authorized security personnel. All firewalls should have at least two people who are adequately trained and are proficient in managing the firewall system(s) and have a strong understanding of network and information security.

Configuration management of any firewall is critical in maintaining the security of the firewall system. A configuration change made by unauthorized or untrained personnel would most likely result in a security hole in the firewall system.

A split firewall administration facility allows monitor access to be granted, so that firewall logs can be routinely analyzed (i.e. many eyes) without granting full access to the firewall system.

The minimum requirement with regard to “Firewall Access Privileges” is:

1. Firewall configurations must only be made by authorized security personnel.

2. All firewalls should have at least two administrators who are proficient in managing and maintaining the firewall(s). These firewall administrators should have a strong understanding of network security.

3. All firewall management procedures must follow published best practice procedures.

4. All firewall configuration changes must have a roll-back strategy.

5. Firewall configuration changes must not be made by untrained or unauthorized personnel.

The recommended requirement with regard to “Firewall Access Privileges” is as above plus the following additions:

6. A multiple account administration system should be used to grant administration and monitor access to the firewall system:

a. Monitor access is to be used for log and firewall rule viewing only.

b. Administration access allows the firewall settings and security policies to be modified.
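The requirements above can be checked routinely against the firewall's account list and change log. The following is an added example, not part of the original article: the record format, account names and finding codes are assumptions made for illustration, and the sample data is constructed.

```python
# Audit a firewall account inventory and change log against the requirements above.
# Data format, account names and finding codes are hypothetical (constructed sample).

ACCOUNTS = {  # account -> role, per the split administration model (item 6)
    "alice": "admin",
    "bob": "admin",
    "carol": "monitor",
    "dave": "monitor",
}

CHANGES = [  # constructed change-log records
    {"id": 1, "user": "alice", "action": "modify_rule", "rollback": "backup-001"},
    {"id": 2, "user": "carol", "action": "modify_rule", "rollback": "backup-002"},
    {"id": 3, "user": "bob", "action": "modify_policy", "rollback": None},
    {"id": 4, "user": "contractor1", "action": "modify_rule", "rollback": "backup-004"},
    {"id": 5, "user": "dave", "action": "view_log", "rollback": None},
]

READ_ONLY_ACTIONS = {"view_log", "view_rules"}  # all that monitor access permits (6a)
MIN_ADMINS = 2                                  # item 2: at least two administrators


def audit(accounts, changes):
    """Return a list of (change_id, finding_code) tuples; change_id is None for account-level findings."""
    findings = []
    admins = [user for user, role in accounts.items() if role == "admin"]
    if len(admins) < MIN_ADMINS:
        findings.append((None, "TOO_FEW_ADMINS"))
    for change in changes:
        role = accounts.get(change["user"])
        if role is None:
            # Items 1 and 5: activity by an account that is not on the authorized list.
            findings.append((change["id"], "UNAUTHORIZED_ACCOUNT"))
            continue
        if change["action"] in READ_ONLY_ACTIONS:
            continue  # viewing logs or rules is allowed for both roles
        if role != "admin":
            # Item 6a: monitor access is for log and rule viewing only.
            findings.append((change["id"], "MONITOR_MODIFIED_CONFIG"))
        if not change.get("rollback"):
            # Item 4: every configuration change needs a roll-back strategy.
            findings.append((change["id"], "NO_ROLLBACK"))
    return findings


if __name__ == "__main__":
    for change_id, code in audit(ACCOUNTS, CHANGES):
        print(change_id, code)
```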

In addition to the previous discussion about firewall functional requirements, you should also read the other part of this firewall security series, on firewall management. Firewall management by monitoring the network is critical to the success of maintaining a healthy network environment.
