Top 10 reasons the firewall guy's hair is on fire
- 26 June, 2009 23:58
Firewalls are a mature technology, right? Most companies have at least one, if not several. And since an established knowledge base exists to tap for issues and PCI DSS 1.1 and 1.2 are pretty clear cut, firewall management shouldn't be much of an issue, right? No one is going to suffer the brunt of managing the significant infrastructure change these regulations are bound to bring more than the security operations team, correct?
Well, not really.
If your friendly neighborhood firewall guy (or gal) rolls into work late on a Monday morning sleep deprived and grouchy, cut him some slack. Here are some of the most common-yet-nerve-sizzling firewall snafus that have kept many an admin on a Friday-to-Sunday diet of fast food and Red Bull:
10.) The Saturday-at-midnight policy update process didn't go exactly as planned, and he spent the rest of the weekend sorting through a bloated rule base to find out exactly what went wrong. It turned out to be a slight overlap of rule 847 (meaning, 847 rules deep into the rule base) with rule 73.
9.) The network firewall rule base(s) have become so bloated that erroneous, obsolete and overlapping (or "shadowed") rules have likely caused unneeded risk or degraded hardware performance through unnecessary processing. (Yes, rule bloat is a big enough issue that it warrants two of the top-10 spots.)
8.) Monday's firewall changes didn't work when the policies were pushed out on Saturday because someone else's changes offset his, and he had no idea who might have been making changes, what the change was, or why they made it.
7.) The last firewall guy had his own way of managing changes that is virtually indecipherable to everyone else, with no reference to the original request or business unit. And before he quit last month, he accidentally cut off access to a mission-critical application when making a change.