Skip to content Skip to site navigation

Firewall Roles & Responsibilities [DRAFT]

Application Owner Responsibilities:

  • Request new firewall resources (new firewall, new security zone/leg).
  • Request consulting if/when necessary from the Information Security Office.
  • Request and approve firewall requests for both application specific and template rules.
  • Assign hosts to a security zone/leg.
  • Manage the membership of a security zone/leg Ð manage growth and moving hosts into or out of a zone.
  • Remove firewall rules for hosts that are being decommissioned.
  • Provide host name suggestions to System Administrator for use in NetDB.
  • Designate roles for staff (VPN membership requester, firewall rule requester, firewall rule approver).

System Administrator Responsibilities:

  • Request switch ports for hosts based upon Application Owner designating security zone/leg Ð send an email to firewall-team@lists.stanford.edu.
  • Request cabling of host to switch.
  • Assign IP addresses in NetDB for firewall hosts.
  • Assign unique names to each IP in NetDB in order to avoid confusion when rules are applied Ð this is critical when hosts move within the firewall architecture so that rules are not placed against the wrong IP address.
  • Ensure that NetDB name changes for hosts behind a firewall are emailed to firewall-team@lists.stanford.edu.
  • Request appropriate template rules for your host (backup, linux, solaris or windows).
  • Request appropriate optional template rules for your host if known.

Database Administrator:

  • Request that appropriate firewall rules are in place to do your work.
  • DBAs use the Administrative VPN. They request SSH access & that specific database ports are open via VPN.

Facilities Engineering:

  • Install hardware in racks.
  • Install network cabling between hosts and switches and other infrastructure devices.
  • Resolve cabling conflicts and issues.

Information Security Officer:

  • Provide optional consulting on security.
  • Provide input to the template rules when disagreement exists.

Project Coordinator:

  • Provide assistance in achieving the project goals and ensuring that progress is being made.

Account Manager:

  • Coordinate with client and all parties to ensure that the client experience is satisfactory.

Firewall Contact:

  • Primary contact within the Firewall Team for this project.
  • Work within the project may be completed by a different team member.
Last modified June 11, 2014