10.1.4 Separation of Development, Test, and Operational Facilities

Illustrative Controls and TIBCO LogLogic Solution

Administrators must identify all critical servers and applications and verify that they have been properly isolated from the rest of the organization. The most prevalent method of isolating these functions is to use firewalls to protect the related servers and applications.

Administrators must identify all changes to firewall and router configurations and ensure that a formal change process is in place, including management approval and testing for all changes to external network connections and firewall configurations. Administrators must also ensure that all changes are authorized and that rule sets are periodically reviewed.

The most efficient way to identify configuration changes is at the time of the modification. Administrators should set up alerts so that any changes to the configuration of network systems and devices, authorized or otherwise, are detected and reported. Administrators must periodically review all firewall rules to ensure an accurate access control list. Administrators must correlate network traffic with the firewall policy to validate that the appropriate rules are in place to protect the company.

In addition, no firewall in any company should allow the use of any known risky services or protocols. These known risky services provide intruders an easy way into the company. Administrators must identify all protocols and services that are considered risky to pass through the firewall. These risky services include, but are not limited to, FTP (21/tcp), Telnet (23/tcp), Rlogin (513/tcp), Rsh (514/tcp), NetBIOS (137-139/tcp,udp), and others. Any risky protocols or services must be immediately removed from the firewall policies.
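
One way to carry out the risky-service review described above, as an added example (not TIBCO LogLogic functionality and not part of the original guide). The rule format and the sample rules are constructed for illustration; the port list is the one named above.

```python
# Risky services named in this section: (name, protocols, low port, high port)
RISKY = [
    ("FTP", {"tcp"}, 21, 21),
    ("Telnet", {"tcp"}, 23, 23),
    ("Rlogin", {"tcp"}, 513, 513),
    ("Rsh", {"tcp"}, 514, 514),
    ("NetBIOS", {"tcp", "udp"}, 137, 139),
]

# Constructed rule set in a hypothetical generic format (not a vendor syntax):
# "<id> <action> <proto> <src> <dst> <ports>"
SAMPLE_RULES = """\
10 permit tcp 10.0.0.0/8 dmz-web 443
20 permit tcp any dmz-ftp 20-21
30 deny tcp any any 23
40 permit udp 10.1.0.0/16 fileserver 137-138
50 permit ip any test-net any
60 permit tcp ops-net prod-db 1433,514
"""

def parse_ports(spec):
    """Return (low, high) ranges from '443', '20-21', '80,443' or 'any'."""
    if spec == "any":
        return [(0, 65535)]
    ranges = []
    for part in spec.split(","):
        low, _, high = part.partition("-")
        ranges.append((int(low), int(high or low)))
    return ranges

def audit(rules_text):
    """Return sorted (rule_id, service) pairs for permit rules that overlap a risky service."""
    findings = set()
    for line in rules_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        rule_id, action, proto, _src, _dst, ports = line.split()
        if action != "permit":
            continue  # deny rules do not expose the service
        # A protocol-agnostic rule ("ip" or "any") covers both TCP and UDP.
        protos = {"tcp", "udp"} if proto in ("ip", "any") else {proto}
        for low, high in parse_ports(ports):
            for name, risky_protos, r_low, r_high in RISKY:
                # Range overlap catches ports hidden inside ranges and "any".
                if protos & risky_protos and low <= r_high and r_low <= high:
                    findings.add((int(rule_id), name))
    return sorted(findings)

if __name__ == "__main__":
    for rule_id, name in audit(SAMPLE_RULES):
        print(f"rule {rule_id}: permits {name}; remove from policy")
```

Matching on range overlap rather than exact port numbers is what surfaces rules 20, 40 and 50, where the risky port is covered by a range or by "any" and would be missed by a search for the literal port.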

TIBCO LogLogic reports and alerts augment processes and procedures to protect information assets from a larger organization by recording and reporting on the addition of new users from the larger organization on clearinghouse servers and systems and attempted access from other network segments.

Reports and Alerts

Use the following link/reference to see the 10.1.4 reports and alerts: TIBCO LogLogic Reports and Alerts Quick Reference.