Search
Topics
  Create an account Home  ·  Topics  ·  Downloads  ·  Your Account  ·  Submit News  ·  Top 10  
Modules
· Home
· Content
· FAQ
· Feedback
· Forums
· Search
· Statistics
· Surveys
· Top
· Topics
· Web Links
· Your_Account

Current Membership

Latest: KDarringt
New Today: 20
New Yesterday: 55
Overall: 148142

People Online:
Visitors: 76
Members: 3
Total: 79 .

Languages
Select Interface Language:


Major ITIL Portals
For general information and resources, ITIL and ITSM World is the most well known for both ITIL and ITIL Books. A shorter snapshot approach can be found at ITIL Zone

Related Resources
Service related resources
Service Level Agreement
Outsourcing

Note: ITIL is a registered trademark of OGC. This portal is totally independent and is in no way related to them. See our Feedback Page for more information.


The Itil Community Forum: Forums

ITIL :: View topic - Change Management - Firewall admins
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Change Management - Firewall admins

 
Post new topic   Reply to topic    ITIL Forum Index -> Change Management
View previous topic :: View next topic  
Author Message
Shiner3lima
Itiler


Joined: Apr 16, 2007
Posts: 21

PostPosted: Thu May 17, 2007 8:52 pm    Post subject: Change Management - Firewall admins Reply with quote

Does anyone know of a policy that governs numbers of administrators who are allowed full access to a firewall? A change to how certain things happen on our firewall is being requested and they want extra administrators to do it. Giving more people full access to a firewall does not equate to good management in my opinion.

Does anyone agree?
Back to top
View user's profile Send e-mail
Ed
Senior Itiler


Joined: Feb 28, 2006
Posts: 411
Location: Coventry, England

PostPosted: Fri May 18, 2007 10:07 pm    Post subject: Reply with quote

Hi Shiner3lima

Change Management does not make Firewall Access policy, this will be done by your customer (internal or external) and applied by the Network Administrators. Your Change management team should only be interested in the change to the access lists / config files.

I would agree that in the case of looking at risk, the less people 'fiddling' with a firewall, the better

Good solid procedures are a pre-requisite! ( I am just proof reading a new one for our firewalls Laughing )

Regards

Ed
Back to top
View user's profile
Shiner3lima
Itiler


Joined: Apr 16, 2007
Posts: 21

PostPosted: Fri May 18, 2007 10:27 pm    Post subject: Firewall Admin Changes Reply with quote

Hi Ed, It worries me alot that I am being asked to decide on the number of administrators of our firewall. I really feel that only fully trained, qualified staff should have full access/admin rights to the firewall. It is very easy to make a mistake that could deny access to the whole network. These are decisions that are going to come up from time to time and it is useful to have had a reference point.

Thanks for your thoughts.

AndyW.
Back to top
View user's profile Send e-mail
Fabien
Senior Itiler


Joined: Sep 27, 2005
Posts: 207

PostPosted: Fri May 18, 2007 10:53 pm    Post subject: Reply with quote

Practically, you could define that the security policy is under the control of Change Management. There is a specific reason why I would want to do that: ensure that Security does not stand in the way of business needs. I have seen many Security Mgrs and Admins acting against responsible business decisions that I am not very inclined to let Security be its own judge of all things. Security is about mitigating risks and some people just accept no risk, despite the willingness of the business to take them. It gets messy.

Placing Security Policy under the control of Change Management gives it a chance to be evaluated by a panel that may/should include business decision makers.

Only a slight digression.

I think the first step in this case should be to evaluate why this change is needed. It seems to me that if you are asked to add Security Admins, it would be because the expected results are not being delivered by existing ones. I can't see another reason why you would want to increase the number of Security Admins otherwise.

I too think you shouldn't spread admin rights on security devices like you spread love.

But you should have a policy that defines the requirements for someone to acquire admin rights and according to which a person should be trained on this, this and that. It should be approved by this person, this person and that person. And the process is this this and that. Have controls and audit procedures in place and ensure that everybody follows the rules. Then I don't see a problem with that.......
_________________
BR,
Fabien Papleux

Accenture
Technology Consulting | Service Excellence
Red Badge Certified

Twitter @itilgeek
Back to top
View user's profile Send e-mail Visit poster's website MSN Messenger
Ed
Senior Itiler


Joined: Feb 28, 2006
Posts: 411
Location: Coventry, England

PostPosted: Mon May 21, 2007 5:07 pm    Post subject: Reply with quote

Fabien wrote:

But you should have a policy that defines the requirements for someone to acquire admin rights and according to which a person should be trained on this, this and that. It should be approved by this person, this person and that person. And the process is this this and that. Have controls and audit procedures in place and ensure that everybody follows the rules. Then I don't see a problem with that.......


Guys

I hope I haven't misunderstood Question

This for me says it all - Ok I have a small shop and it is easier to control, but the essentials are that the business makes the decision Smile - after all if it was an external customer then they would go crazy Shocked if you gave access to 25 new administrators without their authorisation. I agree with Fabian that you manage the risks to a point. I would not want to make the policy on this one. Far too risky Laughing

Regards

Ed
Back to top
View user's profile
Shiner3lima
Itiler


Joined: Apr 16, 2007
Posts: 21

PostPosted: Mon May 21, 2007 9:49 pm    Post subject: Change Management - Firewall admins Reply with quote

Hi Ed. Thanks for your post. I think I have got to the nub of this issue
and decided that if proper documentation/procedures are provided and relevent training has been given to a limited number of new admins then it would be acceptable to grant this change. Common sense prevails.

AndyW.
Back to top
View user's profile Send e-mail
Display posts from previous:   
Post new topic   Reply to topic    ITIL Forum Index -> Change Management All times are GMT + 10 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Powered by phpBB 2.0.8 © 2001 phpBB Group
phpBB port v2.1 based on Tom Nitzschner's phpbb2.0.6 upgraded to phpBB 2.0.4 standalone was developed and tested by:
ArtificialIntel, ChatServ, mikem,
sixonetonoffun and Paul Laudanski (aka Zhen-Xjell).

Version 2.1 by Nuke Cops 2003 http://www.nukecops.com

Forums ©

 

Logos/trademarks property of respective owner. Comments property of poster. Rest 2004 Itil Community for Service Management & Foundation Certification. SV
Site source copyright (c)2003, and is Free Software under the GNU / GPL licence. All Rights Are Reserved.