Ethan Banks Not writing about IT.

Firewall Administration for Sysadmins in Four Parts

F

I wrote a long blog post for Network Computing that ended up published in four parts. The topic was helping sysadmins understand what firewall appliances do, and therefore how best to ask for firewall assistance from those who manage them.

Firewall Administration For Sysadmins: A Primer

Firewall configurations can be astonishingly complex. Firewall administrators deserve love and respect, as making the firewall not only pass traffic, but also pass it securely, is no simple task. The more complex the security policy, the harder it is to keep the firewall running properly.

Firewall Administration For Sysadmins Part 2: Key Concepts

From a networking perspective, applications are unpredictable, as are application architectures. Therefore, firewall administrators are not trying to be difficult when they push back on an ambiguous firewall change request. Rather, details are absolutely critical to successfully fulfilling the request in a secure manner. This is perhaps the chief source of friction between firewall administrators and sysadmins.

Firewall Administration For Sysadmins Part 3: Application Planning

During application implementation, the security team is called on to open firewall ports. The presumption is that this is a simple task. As I hope I’ve established in this series, opening ports might or might not be so simple. Asking the firewall administrator to “open these ports” is akin to a network administrator asking a sysadmin to “spin up a VM” to support a newly acquired network appliance.

Firewall Administration For Sysadmins Part 4: Communication Tips

Sysadmins who understand the network behavior of their applications will be better able to communicate their needs. Network and security folks have general working knowledge of protocols, but aren’t going to know intimate application details.

firewall

By Ethan Banks
Ethan Banks Not writing about IT.

You probably know Ethan Banks because he writes & podcasts about IT. This site is his, but covers other stuff.

Get the details on his about page.