Firewall Roles & Responsibilities [DRAFT]
Application Owner Responsibilities:
- Request new firewall resources (new firewall, new security zone/leg).
- Request consulting if/when necessary from the Information Security Office.
- Request and approve firewall requests for both application-specific and template rules.
- Assign hosts to a security zone/leg.
- Manage the membership of a security zone/leg – manage growth and moving hosts into or out of a zone.
- Remove firewall rules for hosts that are being decommissioned.
- Provide host name suggestions to System Administrator for use in NetDB.
- Designate roles for staff (VPN membership requester, firewall rule requester, firewall rule approver).
System Administrator Responsibilities:
- Request switch ports for hosts based upon the security zone/leg designated by the Application Owner – send an email to firstname.lastname@example.org.
- Request cabling of host to switch.
- Assign IP addresses in NetDB for firewall hosts.
- Assign unique names to each IP in NetDB in order to avoid confusion when rules are applied – this is critical when hosts move within the firewall architecture so that rules are not placed against the wrong IP address.
- Ensure that NetDB name changes for hosts behind a firewall are emailed to email@example.com.
- Request appropriate template rules for your host (backup, linux, solaris or windows).
- Request appropriate optional template rules for your host if known.
- Request that appropriate firewall rules are in place to do your work.
- DBAs use the Administrative VPN. They request SSH access and that specific database ports be opened via the VPN.
- Install hardware in racks.
- Install network cabling between hosts and switches and other infrastructure devices.
- Resolve cabling conflicts and issues.
Information Security Officer:
- Provide optional consulting on security.
- Provide input to the template rules when disagreement exists.
- Provide assistance in achieving the project goals and ensuring that progress is being made.
- Coordinate with client and all parties to ensure that the client experience is satisfactory.
- Primary contact within the Firewall Team for this project.
- Work within the project may be completed by a different team member.
Last modified June 11, 2014