In many companies, powerful firewall systems are treated as black boxes that provide protection in and of themselves. Such organizations tend not to control their firewalls properly. This often leaves the full responsibility for firewall management and rule setting with a small (and usually overworked) group of administrators.
The problem with such an approach is that the firewall administrators are the only ones that know and understand what rules and permissions are set on the firewalls. Furthermore, this puts the burden of proper security directly on their shoulders.
In case of a security breach, an audit may show that an improper configuration was set up on the firewall, either intentionally or by mistake. In either case, the administrator can then argue that he acted under the "best effort" principle and didn't have the big picture or proper guidelines.
Therefore, it is very useful to create a Corporate Firewall Policy. This policy is a high-level document that will:
- ensure that firewall setup complies with the Corporate Security Policy
- provide a high-level, easily readable description of the rules that must be applied to the firewalls
- regulate responsibilities for setup and approval of rules
- regulate emergency changes to rules
- regulate audit and control of compliance with the policy
- give the administrators the guidebook on what to actually set up
Download the Firewall Configuration Policy Template HERE