I think that it is more a management issue than a technical issue.
To make change to a firewall rule, we need to go through the following
process: -
Users make a change request;
an Info Sec guy has to approve it
Then I make the change to a firewall rule.
This process may take minutes or days to complete. However, it builds in
"control" and "check and balance" or "over-sight".
Just my 2 cents.
Ivan
----- Original Message -----
From: "Bennett Samowich" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, January 25, 2000 10:26 PM
Subject: Firewall Administration Question
> Greetings,
>
> This may be slightly off the normal threads found on this list, however,
it
> may still be relevant to others in the same situation.
>
> What is the typical rationale behind who can make changes to the firewall
> rules? Should unqualified or under-qualified people be allowed access?
>
> Please allow me to clarify the question by citing an example.
>
> There are three of us where I work, and I am the on who is "most
> knowledgeable" when it comes to the firewall. It should also be noted
that
> we are running a Linux based firewall. I have had to set up the rules so
> that the masquerading rules decide which machines have access to the
> Internet. I also have had to set up scripts so that either of the other
> two can add machines to the masquerading rules. Since neither of the two
> fully understand how to manipulate the rules I get concerned when they
> arbitrarily run them. Mind you, I am _NOT_ the one in charge here either,
> so my hands are mostly tied (if you know what I mean).
>
> Any thoughts?
> - Bennett
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
