Your network administrator recently made a change to your firewall rules. Since his recent promotion to management, some of these changes are leaving part of your DMZ open to attack. You are trying to acquire backup help, but these skills are in demand throughout your organisation and no backup is available. Your third shift staff is not as skilled and is unable to determine how to correct the exposure. What options do you have?
- Services to keep your firewall current, secure and functional
- Advanced firewall services for improved network protection
- Extended capabilities - log file analysis
- Remote monitoring of your firewall
The demand for firewall management is on the rise. Companies are struggling with the pace of technology changes, new security threats, dynamic network structures, rapid network growth, as well as the challenge of maintaining a quality staff. A correctly configured and well-maintained firewall can be a very effective piece of your security solution. It could very easily mean the difference between a successful stronghold and embarrassment.
There is nothing glamorous about firewall management, yet it is one of the keys to maintaining a secure environment. Outtasking of firewall management allows you to avoid the routine problems while ensuring or even enhancing security.
The firewall management service includes:
- IBM, Check Point and Cisco PIX firewalls
- unlimited changes to the existing firewall configuration
- firewall software and operating system updates.
IBM, Check Point and Cisco PIX certified firewall engineers can perform the following customer-requested changes by the end of the next business day:
- changes to the firewall rule base
- changes to system and/or group definitions
- changes to the authentication configuration established at the user, client, and session levels
- changes to the network routing tables and ACLs
- changes to the system back-up schedule
- changes to system alerts, monitoring, and logging functions
- changes and upgrades to firewall software, per licensing agreement(s)
- changes and upgrades to the operating systems of servers directly supporting firewall components and functionality
At your request, IBM will perform IBM firewall software changes via an authenticated and encrypted connection.
These changes, completed by the end of the next business day, may consist of two of the following per calendar week:
- changes to the firewall filter rules
- changes to system and user accounts
- changes to the SOCKS configuration
- changes to the proxy configuration
- changes to the token-based authentication configuration
- changes to the operating system security features
- installation of security patches
- changes to network routing tables
- changes to the DNS
- changes to the e-mail subsystem
- changes to the system backup schedule
- changes to system alert, monitoring and logging functions
Log file analysis
During review of the log files, the following will be performed:
- The log files will be subjected to automatic analysis procedures designed to identify well-known attack signatures
- Any anomalies discovered by this process will be communicated to your firewall coordinator
- A report will be provided to you monthly summarizing the results of the analysis
Advanced firewall services
IBM firewall engineers can:
- provide consulting services to assist you with the development and implementation of your firewall rule base
- define load balancing and tuning of your content servers behind your firewall
- reconfigure your DNS and coordinate these efforts with the InterNIC
- make changes to the supported encryption configuration and domains of your enabled client(s) to your firewall VPNs (or firewall-to-firewall VPNs if multiple firewalls are being administered)
- reconfigure your electronic mail subsystem
- perform additions to and subtractions from network routing tables and ACLs
- perform system rebuilds following a hardware or software failure, using hardware and/or software provided by you
- implement changes to externally established authentication and password protection systems, such as Steel-Belted Radius, SecurID, and/or Telemate
- modify the firewall to provide query capability to mechanisms that contain user IDs and passwords
- implement changes to content security systems utilizing Content Vectoring Protocol and/or URL filtering protocol.