Template Rules
Traffic Inbound to the Firewall
From | To | Ports | Description |
---|---|---|---|
tasm_tripwire_svrs | ANY | tasm_tripwire | AS Tripwire Services |
tasm_em_svrs | ANY | tasm_em | AS EM Services |
tasm_scan_svrs | ANY | ANY | AS Security Scanning Services |
tasm_bastion_svrs | ANY | tasm_bastion | AS Bastion Services |
tasm_infra_svrs | ANY | tasm_infra | AS Infrastructure Services |
tasm_manage_svrs | ANY | tasm_manage | AS Management Services |
tasm_nagios_svrs | ANY | tasm_nagios | AS Nagios Services |
tasm_backup_svrs | ANY | tasm_backup | AS Backup Services |
tasm_paw_vpn | ANY | tasm_paw_linux | AS Linux PAW Access |
Host Group Object Definitions
Group | Member | Address |
---|---|---|
tasm_tripwire_svrs | asiaappprd6 | 171.67.39.23 |
tasm_em_svrs | asiaappg1prd98 | 171.67.5.2 |
tasm_em_svrs | asiaappg1prd99 | 171.67.5.3 |
tasm_em_svrs | ciaappg1prd01 | 171.67.5.12 |
tasm_em_svrs | ciaappg1prd02 | 171.67.51.194 |
tasm_scan_svrs | as-qualys-d65 | 171.67.42.130 |
tasm_scan_svrs | as-qualys-i27 | 171.67.42.133 |
tasm_bastion_svrs | asinfraprd01 | 171.67.38.8 |
tasm_bastion_svrs | asinfraprd06 | 171.67.38.9 |
tasm_bastion_svrs | asinfraprd22 | 171.67.42.199 |
tasm_bastion_svrs | ascoreinfra01 | 171.67.39.3 |
tasm_bastion_svrs | jetfire | 171.67.39.14 |
tasm_bastion_svrs | solitude | 171.67.39.25 |
tasm_infra_svrs | asiaappprd6 | 171.67.39.23 |
tasm_infra_svrs | asinfraprd05 | 171.67.42.137 |
tasm_infra_svrs | asinfraprd06v | 171.67.39.30 |
tasm_infra_svrs | asinfraprd08 | 171.67.42.140 |
tasm_infra_svrs | asyumprd01 | 171.67.42.189 |
tasm_infra_svrs | asyumprd02 | 171.67.42.219 |
tasm_infra_svrs | nwinfraprd04 | 172.20.134.12 |
tasm_infra_svrs | ascoreinfra01 | 171.67.39.3 |
tasm_infra_svrs | jetfire | 171.67.39.14 |
tasm_manage_svrs | asinfraprd03 | 171.67.39.2 |
tasm_manage_svrs | asinfraprd20 | 171.67.39.8 |
tasm_manage_svrs | asinfraprd23 | 171.67.42.178 |
tasm_nagios_svrs | asinfraprd09 | 171.67.42.148 |
tasm_nagios_svrs | nagios01 | 171.67.217.115 |
tasm_nagios_svrs | nagios02 | 171.67.217.114 |
tasm_backup_svrs | asinfrastore95 | 171.67.42.191 |
tasm_backup_svrs | asinfrastore97 | 171.67.42.169 |
tasm_backup_svrs | aspinfrastore98 | 171.67.42.155 |
tasm_backup_svrs | asinfraaws99 | 171.67.42.200 |
tasm_paw_vpn | AS PAW Network | 171.67.52.0/23 |
Service Group Object Definitions
Group | Ports |
---|---|
tasm_tripwire | tcp: 8080 tcp: 18889 |
tasm_em | tcp: 22 tcp: 1159 tcp: 3872 tcp: 4889 tcp: 7799 |
tasm_bastion | tcp: 22 |
tasm_infra | tcp: 80 tcp: 443 |
tasm_manage | tcp: 135 tcp: 139 tcp: 445 tcp: 8192-8194 tcp: 4900-5000 tcp: 3389 tcp: 80 tcp: 2607 tcp: 443 tcp: 22 tcp: 1311 udp: 161-162 |
tasm_nagios | tcp: 5666 tcp: 12489 tcp: 80 tcp: 443 |
tasm_backup | tcp: 5555 |
tasm_paw_linux | tcp: 22 |
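For rule review, the three tables can be resolved together to answer "which template rule, if any, admits this source on this port". The following is an added example, not part of the template or any tooling behind it; it copies five of the nine rules with their group definitions from the tables above, and the function names `parse_ports` and `matching_rules` are assumptions made here.

```python
import ipaddress

# Five of the template's nine rules, with group data copied from the tables above.
HOST_GROUPS = {
    "tasm_scan_svrs": ["171.67.42.130", "171.67.42.133"],
    "tasm_bastion_svrs": ["171.67.38.8", "171.67.38.9", "171.67.42.199",
                          "171.67.39.3", "171.67.39.14", "171.67.39.25"],
    "tasm_infra_svrs": ["171.67.39.23", "171.67.42.137", "171.67.39.30",
                        "171.67.42.140", "171.67.42.189", "171.67.42.219",
                        "172.20.134.12", "171.67.39.3", "171.67.39.14"],
    "tasm_manage_svrs": ["171.67.39.2", "171.67.39.8", "171.67.42.178"],
    "tasm_paw_vpn": ["171.67.52.0/23"],
}
SERVICE_GROUPS = {  # kept in the table's "proto: port" notation
    "tasm_bastion": "tcp: 22",
    "tasm_infra": "tcp: 80 tcp: 443",
    "tasm_manage": "tcp: 135 tcp: 139 tcp: 445 tcp: 8192-8194 tcp: 4900-5000 "
                   "tcp: 3389 tcp: 80 tcp: 2607 tcp: 443 tcp: 22 tcp: 1311 "
                   "udp: 161-162",
    "tasm_paw_linux": "tcp: 22",
}
RULES = [  # (From, Ports); the To column is ANY in every template rule
    ("tasm_scan_svrs", "ANY"),
    ("tasm_bastion_svrs", "tasm_bastion"),
    ("tasm_infra_svrs", "tasm_infra"),
    ("tasm_manage_svrs", "tasm_manage"),
    ("tasm_paw_vpn", "tasm_paw_linux"),
]

def parse_ports(spec):
    """Yield (proto, low, high) for each 'proto: port[-port]' entry."""
    tokens = spec.replace(",", " ").split()
    for proto, rng in zip(tokens[0::2], tokens[1::2]):
        low, _, high = rng.partition("-")
        yield proto.rstrip(":"), int(low), int(high or low)

def matching_rules(src, proto, port):
    """Return the host groups whose rule admits src on proto/port."""
    addr = ipaddress.ip_address(src)
    hits = []
    for hosts, svc in RULES:
        # A bare address is treated as a /32 network, so hosts and CIDRs match alike.
        if not any(addr in ipaddress.ip_network(m) for m in HOST_GROUPS[hosts]):
            continue
        if svc == "ANY" or any(p == proto and lo <= port <= hi
                               for p, lo, hi in parse_ports(SERVICE_GROUPS[svc])):
            hits.append(hosts)
    return hits
```

An empty list means no copied rule admits the flow; a host that belongs to more than one group, such as ascoreinfra01, is matched against each group's rule separately.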
Roles
Template Owner
The template owner is responsible for determining, maintaining, and modifying the template rules and membership of the different server groups. The application owner is notified regarding any changes to the template.
Current Template Owners:
- Armand Capote
- Stanley Lee
- Laurie Miller
- Calvin Hom
Application Owner
Responsible for approving the template rules initially and for requesting the addition of hosts behind the firewall to the "windows_hosts" group.
System Administrators
Request rule approval from the application owner to put in place the template rules or to apply them to hosts (adding them to the template "windows_hosts" group).
ISO Security
The ISO group will audit the rules and make recommendations as needed or upon request from either the System Administrators or the Application Owners. In addition, any changes to this template must be reviewed by ISO prior to implementation.