Also, do firewall admin logons utilize a timeout feature on the firewall software, or is timeout usually limited to the operating system (i.e. NT) level?
Some companies combine security with the systems or networks group. Conflict of interest only arises when the same person that sets the rules is also the one that audits the data or the one that determined what the rules should be. It is always good to have a separation of duties.
As for timeouts, every login session to every device should have some type of timeout or password protected screensaver, or some other similar security protection. Admin logins are even more critical as they can change the security parameters of the system. Whether your firewall software supports an independant timeout is something that you will need to discuss with your firewall vendor.
For more information on this topic, visit these other SearchSecurity.com resources:
Network Security Tip: Firewall redundancy: Deployment scenarios and benefits
Network Security Tip: Q&A: Developments in firewalls
Security Policies Tip: The security policy document library: Firewall policy
This was first published in July 2004