We run mss services wherein we have full control over the customer firewalls and all policy changes are done by us based on tickets opened by the customer.
The customers buy this service with the hope that the policies created by "experts" are going to be secure and tight without the dreaded - any any rules.
But lo and behold, all 10-15 of us have access to these customer firewalls and every time a ticket opens up, one of us makes the changes.
And its a mess! Multiple any-any rules allow traffic to all ports, fortunately, people do bother putting the source and destination addresses. I have no realized when a new ticket comes in now for a firewall, change the traffic is already allowed under some previous rule and you don't even need to do anything!
The bigger question is how to even maintain tight firewall rules, I am thinking a weekly fine-tuning of rules is a must and a reporting tool that can keep sending out emails every time traffic any any rule is created..how do yall do it?
No comments:
Post a Comment