| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
| Can someone give me some advice on how you manage your firewall? I am curious to know how you handle requests to open ports on the firewall. There are many times that we are requested to open a port on the firewall, but how do you tell if it is reasonable or not? Obviously poking holes in the firewall is not secure, but some business cases are made and it has to be done. Are there any sites, etc., that you can check to know if there have been any vulnerabilities on certain ports? What steps do you use to assess the risks? |
| |||
| There are a lot of sites you can use to check. Try doing a Google search for your port and protocol, like "tcp 10000", and see what you get. My favorite is the SANS Internet Storm Center (isc). They have a search at the top for port. Otherwise it comes from a lot of experience in knowing which applications use what ports, what type of information is typically passed over that port, and whether it is encrypted communication. There are other steps you can take, like creating the most specific rule you can by specifying source and destination and ports. SmartDefense and the UTM features also go a long way toward monitoring traffic. |
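
The "most specific rule" and "is it encrypted" checks from the reply above, written as a pre-approval review of a port-open request. This is an added example, not part of the original thread; the request fields, the thresholds and the cleartext service list are assumptions made for illustration.

```python
import ipaddress

# Constructed for this example: common services that are cleartext by default.
CLEARTEXT = {("tcp", 21): "FTP", ("tcp", 23): "Telnet", ("tcp", 80): "HTTP",
             ("tcp", 110): "POP3", ("tcp", 143): "IMAP"}
MAX_ADDRESSES = 256   # assumed threshold: wider than a /24 needs a reason
MAX_PORTS = 10        # assumed threshold for an acceptable port range


def too_broad(spec):
    """True for 'any' or a network larger than MAX_ADDRESSES."""
    if spec.lower() == "any":
        return True
    return ipaddress.ip_network(spec, strict=False).num_addresses > MAX_ADDRESSES


def review_request(req):
    """Return findings for a proposed rule: src, dst, proto, ports, justification."""
    findings = []
    for side in ("src", "dst"):
        if too_broad(req[side]):
            findings.append(f"{side} {req[side]!r} is too broad; name hosts or a small subnet")
    if req["ports"].lower() == "any":
        findings.append("service is 'any'; list the exact ports the application needs")
    else:
        lo, _, hi = req["ports"].partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"invalid port spec {req['ports']!r}")
        if hi - lo + 1 > MAX_PORTS:
            findings.append(f"port range {lo}-{hi} is wide; narrow it to what is used")
        for (proto, port), name in sorted(CLEARTEXT.items()):
            if proto == req["proto"].lower() and lo <= port <= hi:
                findings.append(f"{proto}/{port} ({name}) is normally unencrypted")
    if not req.get("justification", "").strip():
        findings.append("no business justification recorded")
    return findings


# Constructed sample requests (addresses from RFC 1918 / RFC 5737 ranges).
SAMPLES = [
    {"src": "any", "dst": "10.1.2.0/16", "proto": "tcp", "ports": "20-1024",
     "justification": ""},
    {"src": "192.0.2.10/32", "dst": "10.1.2.25/32", "proto": "tcp", "ports": "443",
     "justification": "Partner API access to order service"},
]

if __name__ == "__main__":
    for r in SAMPLES:
        print(r["src"], "->", r["dst"], r["ports"], review_request(r) or "OK")
```

A request that returns no findings still needs the port looked up and the application understood; the check only catches rules that are broader than the business case requires.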