[unisog] Is anyone using the Cisco FWSM - auditing
michael.holstein at csuohio.edu
Wed Jul 6 15:59:28 GMT 2005
> Could any network engineer with the enable password make changes to FWSM
Unless you use the 'privilege' command to restrict it, yes.
Note that the FWSM and the switch it resides in are separate devices.
> Could FWSM access be delegated only to specific users?
Of course. See above.
> I am concerned that ~networks team could make changes without following
> proper change controls.
Ahh .. you've encountered the 8th layer of the OSI model .. POLITICAL.
You might make the argument that networking has no need to control the
ACLs in the firewall .. only the interfaces and their IP/VLAN.
You can do this with the 'privilege' command.
> What's the best policy management tools?
Unfortunately, there isn't even a 'really good' one. VMS tries to fit
the bill, but like the rest of CiscoWorks, it's still a *lot* more
cumbersome than the CLI.
Michael Holstein CISSP GCIA
Cleveland State University