By Adrian Grigorof, B.Sc., MCSE
Day by day, all organizations (read "the management")
become more aware of the dangers lurking on the Internet. More people learn what a
firewall is, and more IT administrators soon become firewall administrators too.
However, many challenges await these people. I will try to highlight some of
them and provide some solutions, or maybe just some advice on how to cope with
Solution no. 1 - Look up training courses for the specific firewall or firewalls that you use. Extract the "deliverables" of the course and put them in a "no-nonsense" form so your manager will not dismiss them as just (another) attempt to take a few days off. Tell him or her that you will document what you have learned so the other people in your department will benefit from it. If the company ever brings in a security auditor to evaluate IT security, this is something they will like (trained administrators, that is).
Challenge no. 2 - Firewalls are quite different
Solution no. 2 - In dealing with new projects, be proactive and find out in advance what kind of firewalls are proposed. Sometimes it is just a matter of preference on the part of the network architect. If they know in advance what your expertise is, they may use the existing technology. Obtain testing hardware and perform as many tests as possible using the new firewall. If possible, get training (see challenge no. 1). Look up resources on the Internet for that specific firewall and learn about compatibility between your existing and your new firewall. Use the findings as justification for training and for testing time and resources.
Challenge no. 3 - Responsible for security
Solution no. 3 - Review all the potentially "dangerous" points in your IT infrastructure and identify who is responsible, whether or not there are policies, who makes changes, who approves them, what the risks are and what should be done in case of an incident. For example, take web servers - typically, the web administrators have full rights in managing these servers and most of them don't have "security" as their first priority. You would have some input regarding what protocols can go where, but it would be almost impossible to review the code behind the web pages. Document and present to management the fact that the code behind the web pages should be reviewed by security consultants specialized in this type of work, that there should be a change control policy and that every change should be reviewed, approved from a security point of view and signed off by a manager who is willing to assume responsibility. Identify administration tasks (from a security perspective) such as looking for hotfixes, service packs, new vulnerabilities, etc. and request resources to perform these tasks (or, if there are no resources, then the manager should agree that there are security risks and that he or she is assuming responsibility). You will be surprised how reluctant managers are to assume this kind of risk, and that they would rather put some effort into finding the resources.
Challenge no. 4 - Daily administration tasks
Solution no. 4 - Identify the daily administration tasks, their duration and the type of resource required to perform them. Present them to the manager, along with the time that you are typically given to perform them (hint: it is usually 1/10 of what it should be) and ask the manager to decide which ones should be "taken out". Make sure you explain why each task needs to be performed and what the risks of not performing it are. This way, you will pass the responsibility for this decision to the one paid to take it - the manager. Your job is to provide the technical knowledge and act as a consultant for the decision maker.
If you have any comments, please send them to firstname.lastname@example.org
Challenges in managing firewalls