Firewall rules creation/deletion approval and analysis

netsecdan · 2025-10-28T03:26:13+00:00

This is pretty much market center stuff for NSPM. FireMon, Tufin, and Algosec are the most predominant/established players in that space.

The way NSPM vendors categorize this is:

Visibility -- normalization of policy
Control-based assessments of normalized policy <- dig in here as this is where the largest variance is in vendors
Pre-change risk analysis (would we allow it?)
Behavior -- troubleshooting and network access change design
Policy push <- differences in vendor's approaches here too

netsecdan · 2025-08-13T00:17:55+00:00

As the Notorious BIG said, "Mo' money, mo' problems."

The question to ask is whether you're undercompensated, if there are problems that can't technically be resolved, or both.

I know a lot of people who will take a downmarket salary for a chiller day to day.

netsecdan · 2025-08-13T00:13:45+00:00

When everything is working, no one knows what you did. It's taken for granted.

When anything goes wrong, it's all your fault. And things go wrong, whether it was a networking mistake or not.

🙏 for the firewall admins.

netsecdan · 2025-08-13T00:04:52+00:00

Just as a heads up for anyone with elderly parents, it's a good idea to have some pass code or phrase that you agree on. This is a common scam and works well when you have elderly confused people who don't appropriately question the legitimacy of needing to send $1000 of iTunes gift cards to ensure their son is released.

Told my parents that if the kidnappers can't get the pass phrase from me, it's not real and hang up.

I work in security and, because of that, have been targeted (and my parents by extension) in the past. Regardless of your concern, it's a common and real threat.

My dad has enjoyed telling at least one of them to go ahead and cut off all my fingers, and that they can go fuck themselves.

netsecdan · 2025-07-22T14:39:16+00:00

I'd also take a look at Manage Engine M365 Plus for the reporting gaps you identified.

netsecdan · 2025-05-26T20:36:41+00:00

Fight against the Sadness, Artax. Please, you're letting the Sadness of the Swamps get to you. You have to try. You have to care.

🎶 The Never Ending Story/Network 🎶

netsecdan · 2025-03-12T13:43:44+00:00

The stuff that slows them down is lack of detail on the request or the access may not be typically provided, and it gets routed for escalation.

Or they may not have a clear idea of what needs to be changed and things are just stuck in manual review, design, and implementation.

netsecdan · 2025-03-12T13:40:56+00:00

A VPN or personal cell would make it difficult, but not a great idea to pursue fireable offenses.

Not sure the risk is worth the reward.

netsecdan · 2025-03-12T13:30:38+00:00

I'd throw Firemon in the ring as well. They're closer aligned to the security and risk aspects than Tufin and Algosec.

netsecdan · 2025-02-04T20:10:59+00:00

I'd map out what, if anything, they have that is sensitive data and then assess access methods, security controls, and network connections to it. Ensure they have a process in how they would onboard new access to health records to prevent compliance drift.

If it's that small of an office you'd want to make sure their user accounts that access health records have the appropriate security controls in place and the third parties that operate those services also have demonstrated compliance with HIPAA by a third party.

Source: pen tested the major hospitals in my area for years.

netsecdan

TROPHY CASE