In my opinion the security manager in conjunction with the firewall
technical experts should be responsible to accomplish the initial setup,
configuration and testing of the firewall. The security manager should
be responsible for authorizing any changes and to see that periodic
audits are performed. The latter to ensure the firewall's operational
compliance with the corporate security policy. Day to day operations
should be left to the network operations personnel. It has been my
experience that most firewall configuration changes are not difficult
and operations personnel should be able to accomplish them. An
alternative is to have the technical expert perform changes.
Authorized changes should be tested by a technical expert to ensure they
meet their intended purpose.
In any case my opinion is that computer/network security is a function
of system operations and operations personnel should be responsible for
it. Operations personnel are the ones that are most likely to detect
changes to the system and are your best first line of defense if they
have been trained to be security aware.
It will be interesting to hear what others have to say.
> -----Original Message-----
> From: Judy Altrudo [SMTP:altrudjl @
> Sent: Monday, April 14, 1997 5:19 PM
> To: firewalls @
> Subject: Managing Firewalls
> Your views on who in an organisation should be responsible for
> firewalls would be appreciated.
> I raise this topic as in a large organisation where there is a dedicated
> team who are responsible for testing security products, installing and
> providing a day to day security might be considered the best area for
> the above.
> On the other hand, the network people (those responsible for installing
> and configuring routers etc) might also be considered to be the most
> appropriate area.
> Because firewalls involve both security and network, it isn't obvious
> to me where the responsibility should lie.
> Any views?
> Thanks, JA