Purpose

The goal is to give trusted people on campus and within OIT, who request many firewall rule changes or need to audit rules for their group, read-only access to firewall rules in a secure manner.  People often request access so they can audit their rules without making a manual request to the security team, and so they are more knowledgeable about existing rules when they request new changes from the security team.  This will replace the insecure practice of emailing firewall rule configurations or people saving them locally.  However, in most cases they still have to know how to interpret a raw Cisco ASA configuration.

...

  1. Network Restriction: Limited to on-campus or via VPN
  2. Authentication: WebAuth + Duo Multi-Factor Authentication (instructions here)
  3. Authorization: KSAMS role membership (access request instructions here: /wiki/spaces/IAMDOCS/pages/9372131)
    1. For Campus Server Registration access: ITSEC "Firewall Rule Viewer - Campus" role
    2. For OIT internal access (which includes the campus access too): ITSEC "Firewall Rule Viewer - OIT" role

...