Firewall Rules Review – Best Practices
- A Firewall Rule Change Control Form should be used for each firewall rule addition or modification.
- Details to be captured:
  - Requesting Department
  - Requestor from the Requesting Department
  - Approver from the Requesting Department
  - Source IP, Hostnames and Ownership Information
  - Destination IP, Hostnames and Ownership Information
  - Destination Port that needs to be Opened in the Firewall
  - Business Justification for the Firewall Rule
  - The width of the rule (source, destination and ports being allowed) should be kept to the minimum possible.
  - Duration of Applicability (as short as possible)
  - Approver from Reviewing Department
  - Unique ID to identify the Firewall Rule
  - Date of Request of Firewall Rule
  - Date of Final Approval of Firewall Rule
- A quarterly review should be performed on firewall rules. Expired rules should be removed after confirmation from the Requestor Department Manager.
- An annual review should be performed on non-expiring firewall rules. Rules should be removed unless approved by the Requestor Department Manager.
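
The review steps above can be run against a rule register built from the change control form. The following is an added example, not part of the original checklist: the CSV column names, the sample rules, the 256-address width threshold and the "approved a year or more ago" test for annual review are all assumptions to adapt to local policy.

```python
import csv, io, ipaddress
from datetime import date

# Constructed sample register; columns are assumed names for the form fields.
REGISTER = """rule_id,department,source,destination,port,expires,approved
FW-001,Finance,10.1.2.0/28,10.9.0.5/32,443,2024-03-31,2023-10-02
FW-002,HR,0.0.0.0/0,10.9.0.7/32,22,,2022-11-15
FW-003,IT,10.3.0.0/16,10.9.0.0/24,any,,2024-01-20
FW-004,Sales,10.4.1.10/32,10.9.0.8/32,8443,2024-12-31,2024-02-01
"""

MAX_ADDRESSES = 256  # assumed limit for an acceptably narrow source/destination

def width_issues(rule):
    """Return reasons why a rule is wider than the assumed policy allows."""
    issues = []
    for side in ("source", "destination"):
        net = ipaddress.ip_network(rule[side], strict=False)
        if net.num_addresses > MAX_ADDRESSES:
            issues.append(f"{side} {net} covers {net.num_addresses} addresses")
    if rule["port"].strip().lower() in ("any", "*", "0-65535"):
        issues.append("all ports allowed")
    return issues

def review(register_text, today):
    """Sort rules into the review queues described in the checklist."""
    findings = {"expired": [], "annual_review": [], "too_wide": {}}
    for rule in csv.DictReader(io.StringIO(register_text)):
        rid = rule["rule_id"]
        if rule["expires"]:
            # Quarterly review: rules past their Duration of Applicability.
            if date.fromisoformat(rule["expires"]) < today:
                findings["expired"].append(rid)
        elif (today - date.fromisoformat(rule["approved"])).days >= 365:
            # Annual review: non-expiring rules needing fresh approval.
            findings["annual_review"].append(rid)
        issues = width_issues(rule)
        if issues:
            findings["too_wide"][rid] = issues
    return findings

if __name__ == "__main__":
    for queue, hits in review(REGISTER, date(2024, 6, 30)).items():
        print(queue, hits)
```

Each queue still goes to the Requestor Department Manager for confirmation before any rule is removed; the script only produces the list to review.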