Re: [FW-1] Firewall Security Policies and Procedures
Hi,

See PhoneBoy's book... It has a great sample firewall policy...

The biggest thing I would add is that you need to clearly state in any policy that it's up to the folks requesting changes to determine the ports they need opened. This may seem simple, but it is the biggest reason why any organisation has 'any' 'any' rules in place on their firewall...

-----------------

Allow only needed services, deny everything else.

'Any', 'any' firewall rule change requests will not be accepted, unless there is a technical reason why all ports and services must be used. Generally, applications use specific ports and services; it will be up to <tech people> to determine from the vendor, or other means, the specific ports needed minimally through the firewall. If the vendor cannot provide this information, it will be <tech people>'s responsibility to monitor the traffic over a period and determine the ports and services that need to be enabled through the firewall. This needs to be done before firewall rule requests are made, so that only the minimum amount of ports and services are enabled on <company> firewalls.

------------------

Hope that helps...

Joe McGean
Technical Security Architect
Allianz, Ireland