Corporate Security Policy and Firewalls: How Are They Related?

Question: 
Can you explain the relationship between a company’s firewall and its corporate security policy?
Answer: 

A corporate security policy is the basis on which all other security-related business practices are founded. The policy should describe what assets you are trying to protect, why you are trying to protect them, and from whom. The firewall represents the technical implementation of your security policy. Therefore, it should provide guidelines for what policies your firewall is enforcing. This includes acceptable use, outbound and inbound access, incident response and administration. In addition, it should identify a defined change control group that is responsible for configuration changes, such as updates and/or patches, to the firewall. This helps to avoid the firewall failing as a result of misconfigurations.

Chris Geffel, CISSP, GIAC, is a security architect for RedSiren. He is responsible for the design, configuration and implementation of RedSiren’s managed service solutions. Prior to RedSiren, he was with Bayer Corporation, where he supported security-focused projects including e-commerce, firewall implementation and management, anti-virus and secure remote access. At RedSiren, he has led a number of initiatives, including the role as lead architect of RedSiren’s Managed Intrusion Detection System (MIDS) system.

First published on BankersOnline.com 4/01/02
