Firewall Wizards mailing list archives

Ruleset Auditing and Validation


From: "Sitkin, Jacob B." <Jacob.Sitkin () unisys com>
Date: Fri, 22 Feb 2002 10:32:09 -0500

Having now a firewall infrastructure that has grown beyond the ability of a
dozen or more engineers to keep up with on a daily basis, we are faced with
the task of auditing and validating our 80+ policy sets for security,
accuracy, relevancy and perhaps most of all efficacy with respect to hidden
bleed through of services, protocols and ports.

Recent discussions regarding "how to go about it" have centered on the
problem of any one engineer's viewing of a particular rule or set of rules
and interpreting correctly if the ruleset being inspected is valid for the
stated purpose (as defined by the ruleset itself or in the comments
attached).

We are looking for a systematic approach and I am curious to find out how
others either a) may have addressed an enterprise-wide ruleset (firewall
policy) review or b) discovered any FAQ and/or other documentation available
that addresses this problem.

Jay Sitkin, Unisys
Architecture & Technology
Access Engineering
Sr. Network Engineer
Blue Bell, PA 19424
(215) 986-5564

"The bicycle is a curious vehicle. Its passenger is its engine." -John
Howard

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

