This week’s network security tip looks at process and the human element in security change management. Much of the breakdown occurs because the teams involved work in their own silos, where the impact of a change request might not be fully understood. For example, application owners, network operations personnel and security administrators don’t speak the same language, and a lot can get lost in translation. With that premise, here’s the tip from our own Kyle Wickert up in Canada:
“Always second-guess requests and ask for rationale/justification. It is a rare occurrence when the original draft of a firewall change request ends up being what is truly implemented on the firewall. Security and network teams should set a high expectation for supporting justification of IPs and services requested within their firewall change process. It is all too common for developers or business analysts to “throw paint at the walls” when it comes to opening connectivity. Each individual dataflow being requested should be truly necessary and not the result of guesswork.”
Thanks Kyle for the tip. We continue to look for these types of network security tips, so if you have one, send it our way!