Firewall Template Rules
From | To | Ports | Description |
---|---|---|---|
tw_monitoring_servers | tw_windows_hosts | tw_monitoring_ports | Monitoring services |
tw_rdp_servers | tw_windows_hosts | tw_rdp_ports | RDP services |
tw_ipmi_servers | tw_windows_hosts | tw_ipmi_ports | IPMI services |
g_su_admin_nets | tw_windows_hosts | tw_ipsec_ports | IPSEC services |
tw_ips_servers | tw_windows_hosts | tw_ips_ports | IPS Services |
tw_pbst_servers | tw_windows_hosts | tw_pbst_ports | Bastion Services |
Group | Members | Ports |
---|---|---|
tw_monitoring_servers | blackbeard itadmin msadmin ntadmin vmm-mgmt winadmin wst-om12 wst-ops1 wst-ops3 wst-ops1dev wst-sccm2012 itadm | microsoft-rpc (tcp:135) netbios-ssn (tcp:139) microsoft-ds (tcp:445) wst-rpcserver (tcp:4900-5000) http (tcp:80) winrm (tcp:5985-5986) |
tw_rdp_servers | blackbeard itadmin msadmin ntadmin winadmin itadm | microsoft-rdp-vm (tcp:2179) microsoft-rdp (tcp:3389) |
tw_ipmi_servers | blackbeard itadmin winadmin wst-commandcenter-01 itadm | IPMI RMCP (udp:623) https (tcp:443) DRAC-vmedia (tcp:3668) DRAC-console (tcp:5900-5901) |
tw_ips_servers | wstsopohos wst-tripwire Bigfix-prod 171.67.0.240/28 Bigfix-relay 171.66.255.64/26 Bigfix-relay 171.67.29.0/25 | tripwire (tcp:18889) sophosRMS (tcp:8192-8194) |
g_su_admin_nets | SU Admin Networks | NAT-T (udp:4500) IKE (udp:500) ESP (IP Protocol 50) AH (IP Protocol 51) |
tw_pbst_servers | crc-reserved01 crc-reserved02 crc-reserved03 e-pc-1 e-pc-2 e-pc-3 e-pc-4 e-pc-5 e-pc-6 e-pc-7 e-pc-8 | WIN SVCS (tcp/udp:135,139,445) IPMI RMCP (udp:623) https (tcp:443) DRAC-vmedia (tcp:3668) DRAC-console (tcp:5900-5901) wst-rpcserver (tcp:4900-5000) |
Roles
Template Owner
The Template Owner is responsible for determining, maintaining and modifying the template rules and membership of the different server groups. The application owner is notified regarding any changes to the template. The template owner controls the following groups:
- template server groups (tw_monitoring_servers, tw_rdp_servers, tw_ipmi_servers, tw_ipsec_servers, tw_ips_servers, tw_pbst_servers)
- template ports (tw_monitoring_ports, tw_rdp_ports, tw_ipmi_ports, tw_ipsec_ports, tw_ips_ports, tw_pbst_ports)
Current Template Owners
- Laurie Miller
Application Owner
The Application Owner is responsible for approving the template rules initially and for requesting the addition of hosts behind the firewall to the "windows_hosts" group.
System Administrators
System Administrators request rule approval from the application owner to put in place the template rules or to apply them to hosts (adding them to the template "windows_hosts" group).
ISO Security
The ISO group will audit the rules and make recommendations as needed or upon request from either the System Administrators or the Application Owners. In addition, any changes to this template must be reviewed by ISO prior to implementation.