Firewall Administration for Sysadmins in Four Parts

I wrote a long blog post for Network Computing that ended up published in four parts. The topic was helping sysadmins understand what firewall appliances do, and therefore how best to ask for firewall assistance from those who manage them.

Firewall Administration For Sysadmins: A Primer

Firewall configurations can be astonishingly complex. Firewall administrators deserve love and respect, as making the firewall not only pass traffic, but also pass it securely, is no simple task. The more complex the security policy, the harder it is to keep the firewall running properly.

Firewall Administration For Sysadmins Part 2: Key Concepts

From a networking perspective, applications are unpredictable, as are application architectures. Therefore, firewall administrators are not trying to be difficult when they push back on an ambiguous firewall change request. Rather, details are absolutely critical to successfully fulfilling the request in a secure manner. This is perhaps the chief source of friction between firewall administrators and sysadmins.

Firewall Administration For Sysadmins Part 3: Application Planning

During application implementation, the security team is called on to open firewall ports. The presumption is that this is a simple task. As I hope I’ve established in this series, opening ports might or might not be so simple. Asking the firewall administrator to “open these ports” is akin to a network administrator asking a sysadmin to “spin up a VM” to support a newly acquired network appliance.

Firewall Administration For Sysadmins Part 4: Communication Tips

Sysadmins who understand the network behavior of their applications will be better able to communicate their needs. Network and security folks have general working knowledge of protocols, but aren’t going to know intimate application details.
