Manage

Firewall responsibilities and firewall timeout features

We have a network systems group of more than 150 individuals. Which group is usually responsible for installing firewalls and maintaining their rules? Is there a possible conflict of interest when the systems architecture staff is responsible for maintaining firewalls?

Also, do firewall admin logons utilize a timeout feature on the firewall software, or is timeout usually limited to the operating system (i.e. NT) level?

Some companies combine security with the systems or networks group. Conflict of interest only arises when the same person that sets the rules is also the one that audits the data or the one that determined what the rules should be. It is always good to have a separation of duties.

As for timeouts, every login session to every device should have some type of timeout or password protected screensaver, or some other similar security protection. Admin logins are even more critical as they can change the security parameters of the system. Whether your firewall software supports an independant timeout is something that you will need to discuss with your firewall vendor.

For more information on this topic, visit these other SearchSecurity.com resources:
Network Security Tip: Firewall redundancy: Deployment scenarios and benefits
Network Security Tip: Q&A: Developments in firewalls
Security Policies Tip: The security policy document library: Firewall policy

This was last published in July 2004

Dig Deeper on Network device security: Appliances, firewalls and switches

SearchCloudSecurity

Firewall responsibilities and firewall timeout features

Dig Deeper on Network device security: Appliances, firewalls and switches

firewall

Updating firewall policies with the frequency of firewall testing

How to test a firewall: A three-step guide for testing firewalls

How to manage firewall testing using Nmap

SearchCloudSecurity

5 PaaS security best practices to safeguard the application layer

Private vs. public cloud security: Benefits and drawbacks

How to create a cloud security policy, step by step

SearchNetworking

SolarWinds: Lessons learned for network management, monitoring

7 key SD-WAN trends to evaluate in 2021

10 network security tips in response to the SolarWinds hack

SearchCIO

3 steps to recalibrate a strategic IT roadmap

Experts predict hot enterprise architecture trends for 2021

Cloud, security top list of IT spending priorities

SearchEnterpriseDesktop

Otter.ai helps Google Meet stay competitive

Will Windows 10 be the last Windows OS?

CES: Laptops sport designs friendly for remote workers

SearchCloudComputing

IBM acquisition spree targets hybrid cloud consulting market

How to choose between IaaS and SaaS cloud models

COVID-19 and remote work shift cloud predictions for 2021

ComputerWeekly.com

Vodafone unveils ‘instant’ Wi-Fi

BT connects Dutch diplomatic missions

Nine out of 10 UK card payments in 2020 were contactless