[unisog] Firewall Administration

Alex Tirdil AJTIRDIL at salisbury.edu
Wed Jun 8 18:19:51 GMT 2005


My network team manages everything specifically network-related (such as
the firewall, core/edge switches and the router).  However my school,
Salisbury University, is a smaller school with around 10,000 people.  If
it was larger, we might have a separate "IT Security" team like you
have.  In any event, our IT is broken into 3 main sections...Network
Infrastructure, Server Team, and Desktop Support.  Firewalls fall under
Network Infrastructure

Since we maintain the firewall and the network as a whole, I can give
you some of the Pros at least.
-  Access to the firewall can make network troubleshooting easier (is
this port open?  why is my traffic being blocked?)
-  Sometimes a firewall can just go haywire and disrupt all
outgoing/incoming connections to the internet...If the network team
notices this (they probably will first) then they can easily go in and
reboot the firewall to at least fix the situation temporarily.

I will say this, when I get faculty/staff that call me and want me to
help them troubleshoot a network connection, the firewall is one of the
things I look at first.  Also, in my opinion, the network team should be
able to have access to EVERYTHING that can cause problems to a network
connection.  That would mean firewalls, switches, routers, hubs and the
like.

I could guess at some Con's (untrained personal messing with firewall
settings), but I am sure others will respond to this.  I don't have any
personal experience with the con's of this, because like I said my
network team fully manages the firewalls on-campus.


-alex t
Salisbury University


>>> LeeAnne.Hart at montgomerycollege.edu 06/08 1:29 PM >>>
If you don't mind sharing, who maintains your firewalls - hardware and
operating system, not the firewall software? Currently, our IT
Security
team are the only people with access to our firewalls, but our
networking group is asking for some rights to maintain the hardware
and
to be able to reboot them. I have mixed feelings about this and wanted
to know how other organizations handle this. Also, what are some of
the
pros and cons of this?  Thanks,

Lee Anne Hart
IT Security Analyst
Montgomery College


More information about the unisog mailing list