Common Mistake N Expected Request - Firewall

| No | Common Mistakes | What We Expected | Type Request |
|----|-----------------|------------------|--------------|
| 1 | Using unencrypted or insecure ports and protocols: 8080 and 80 (http), 21 (ftp) | Use secure ports and protocols: 443 (https) and 22 (sftp) | Firewall |
| 2 | Using the old form (never taking the form directly from Remedy) | Use the new form (available on Remedy) | Firewall |
| 3 | Uploading more than 1 firewall request form per ticket | 1 ticket may carry only 1 firewall request form with a maximum of 100 rows; the other attachment slots are only for supporting documents (Data Potential, BA-VA, Topology infra & Diagram dataflow) | Firewall |
| 4 | Blank mandatory fields | Fill in all mandatory fields (red columns) | Firewall |
| 5 | No details in the Requirement column, for example "MKIOS to TC" or "TC Integration" | Fill in the purpose of the open connection | Firewall |
| 6 | Opening management ports (ex: 22, 3389, 21) from 3rd party or Internet | Do not open management ports (ex: 3389, 21) from 3rd party or Internet | Firewall |
| 7 | Opening management ports (ex: 22, 3389, 21) from the VPN segment | All OAM/Mgmt purposes MUST be allowed ONLY from the PAM CyberSecurity System or the BHSAM/RDP jumphost | Firewall |
| 8 | Opening a large segment (ex: 10.0.0.0/8 or 10.0.0.0/24) | As specific as possible (if needed, give a detailed justification in the remark column) | Firewall |
| 9 | Opening a large port range (40000-60000) | Open specific ports (22, 443, 48443) (if needed, also share supporting documents from the application) | Firewall |
| 10 | Requesting Non-prod to Prod or vice versa | Request Non-prod to Non-prod, Prod to Prod & Pre-prod to Prod or vice versa | Firewall |
| 11 | Opening IP OAM for payload purposes (Apps to Apps communication) | Open IP Service for payload purposes (Apps to Apps communication) | Firewall |
| 12 | Opening IP Service for management purposes (LDAP, UIM, Splunk, PAM, AV, etc) | Open IP OAM for management purposes (LDAP, UIM, Splunk, PAM, AV, etc) | Firewall |
| 13 | Not attaching the required documents | Upload the required documents, such as: Form Request Firewall; Email GM Approval (GM Requestor & GM Apps Surrounding/Related); BA - VA (for communication with 3rd party); BA - VA & BA Pentest (for communication from/to Internet) | Firewall |
| 14 | Requesting an open connection within the same segment | The same segment does not need a firewall request; the traffic does not pass through the firewall | Firewall |
| 15 | Opening a connection from the "VS" LoadBalancer to a member (server) | Open the connection from the "SNAT", Self IP & Floating IP of the LoadBalancer to the member (server) | Firewall |
| 16 | Opening a connection (RDP/SSH) from BHSAM into a production server | Must use PAM (if production server) | Firewall |
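The port and segment rules above (mistakes 1 and 6 to 10) can be checked automatically before a form is submitted. The following is an added example, not part of the original checklist or of any Remedy tooling; the row field names, the zone labels and the port-span threshold are assumptions made for illustration.

```python
import ipaddress

# Field names, zone labels and MAX_PORT_SPAN are assumptions for this sketch;
# the port lists and the /24 example come from the checklist. IPv4 only.
INSECURE_PORTS = {80, 8080, 21}        # mistake 1
MGMT_PORTS = {22, 3389, 21}            # mistakes 6 and 7
UNTRUSTED_ZONES = {"third_party", "internet", "vpn"}
WIDEST_PREFIX = 24                     # the checklist names a /24 as too large
MAX_PORT_SPAN = 10                     # assumed threshold for mistake 9


def parse_ports(spec):
    """Turn '443' or '40000-60000' into an inclusive (low, high) pair."""
    low, _, high = spec.partition("-")
    low, high = int(low), int(high or low)
    if not 0 < low <= high <= 65535:
        raise ValueError(f"bad port spec: {spec!r}")
    return low, high


def lint_row(row):
    """Return the sorted checklist numbers that one request row violates."""
    hits = set()
    nets = [ipaddress.ip_network(row[k], strict=False) for k in ("src", "dst")]
    low, high = parse_ports(row["ports"])
    covers = lambda ports: any(low <= p <= high for p in ports)
    if covers(INSECURE_PORTS):
        hits.add(1)
    if covers(MGMT_PORTS) and row["src_zone"] in UNTRUSTED_ZONES:
        hits.add(7 if row["src_zone"] == "vpn" else 6)
    if any(n.prefixlen <= WIDEST_PREFIX for n in nets):
        hits.add(8)
    if high - low + 1 > MAX_PORT_SPAN:
        hits.add(9)
    if {row["src_env"], row["dst_env"]} == {"nonprod", "prod"}:
        hits.add(10)
    return sorted(hits)

# Constructed sample rows, not taken from any real request form.
SAMPLE = [
    {"src": "10.1.2.10/32", "dst": "10.9.8.20/32", "ports": "443",
     "src_zone": "internal", "src_env": "prod", "dst_env": "prod"},
    {"src": "10.0.0.0/8", "dst": "172.16.8.20/32", "ports": "40000-60000",
     "src_zone": "internal", "src_env": "nonprod", "dst_env": "prod"},
    {"src": "203.0.113.7/32", "dst": "10.9.8.20/32", "ports": "21",
     "src_zone": "vpn", "src_env": "prod", "dst_env": "prod"},
]

if __name__ == "__main__":
    print([lint_row(r) for r in SAMPLE])
```

Port 22 is flagged only when the source zone is untrusted, because the checklist also lists 22 (sftp) as an expected secure port.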
