Scribd Logo
Upload

Welcome to Scribd!

  • Firewall Management Policy

    Uploaded by

    Shah Khan
    31 views5 pages
    Firewall Management Policy

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Firewall Management Policy

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    31 views5 pages

    Firewall Management Policy

    Uploaded by

    Shah Khan
    Firewall Management Policy

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 5

    FIREWALL

    MANAGEMENT
    POLICY

    1
    © Distributed by Resilify.io under a Creative Commons Share Alike License.
    Firewall Management Policy
    Version Control
    Owner Version Edited By Date Change History
    IS Rep 0.1 Assent 14/07/2016 First Draft

    Distribution
    Held Format Location Comments
    By
    User Digital / Physical

    Status
    X Status Approved By Date
    Working DD/MM/YYYY
    X Draft
    Provisional Approval
    Publication

    Classification
    X Confidential
    Restricted
    Unclassified

    Relevance to Standard

    Standard Clause Title

    [ISO 27001:2013] [A13.1.2] [Security of Network Services]

    License

    Licensed by Assent Risk Management via Resilify.io Under a Creative Commons Share Alike License.

    2
    © Distributed by Resilify.io under a Creative Commons Share Alike License.
    Contents

    Firewall Management Policy_____________________________________________________________________2


    Contents_______________________________________________________________________________________________3
    Firewall Management Policy_____________________________________________________________________4
    1.0 Overview______________________________________________________________________________________4
    2.0 Policy___________________________________________________________________________________________4
    2.1 Implementation_______________________________________________________________________________________4
    2.2 Configuration__________________________________________________________________________________________4
    2.3 Firmware_______________________________________________________________________________________________5
    2.4 Monitoring_____________________________________________________________________________________________5
    2.5 Testing_________________________________________________________________________________________________5

    3.0 Related Policies_______________________________________________________________________________5

    3
    © Distributed by Resilify.io under a Creative Commons Share Alike License.
    Firewall Management Policy

    1.0 Overview

    The firewall management policy describes the organisation’s approach to


    protecting the boundary of its corporate network and network services. 

    2.0 Policy

    2.1 Implementation

    The organization will deploy suitable firewall devices at the boundaries of


    its corporate network to manage traffic crossing between the public
    (Internet) and private networks.

    2.2 Configuration

    The organization recognizes that some network services require rules


    permitting Inbound, Outbound or Both in order to function correctly.

    Both user and network services access to the private network will be
    provided according to the Access Control Policy.

    The MD will give authority to implement new firewall rules or change


    existing rules only, on the advice of the approved IT Support
    Company. Authority must be provided in writing; an email is acceptable.

    Rules which are no-longer required will be removed or disabled from the
    firewall as soon as possible. To preserve the principles of ‘need-to-know’
    and ‘need-to-use’ the approved IT Support Company may remove rules
    immediately and without authorization of the MD, where they are satisfied
    that the related service is no longer used or where permitting access
    through the firewall presents a significant risk to the network. 

    All rules configured on the firewall will be reviewed by the IT Support


    Company and agreed by the MD on an annual basis.

    4
    © Distributed by Resilify.io under a Creative Commons Share Alike License.
    2.3 Firmware
    The firewall’s firmware will be kept up-to-date.  

    The approved IT Support Company will check for updates to the firmware
    a minimum of once per month and apply all available updates within
    30days of their release.

    Network connectivity will be tested and verified after the firmware has
    been updated.

    The Firewall’s configuration data will be backed-up prior to the installation


    of new firmware and a minimum of 3 generations of the data will be held
    off-site.

    2.4 Monitoring

    The firewall retains a 30 days of log data that can be used for
    troubleshooting or investigatory purposes.

    Due to the large volume of log data, only critical alerts will be emailed to
    the approved IT Support Company.

    2.5 Testing

    The firewall will be tested, at least annually, from outside the network
    using tools including:

     UPnP SSDP Test: https://www.grc.com/shieldsup 


     Open Ports: http://mxtoolbox.com/PortScan.aspx 

    3.0 Related Policies


     Password Policy.
     Access Control Policy
     Patching Policy

    5
    © Distributed by Resilify.io under a Creative Commons Share Alike License.

    You might also like