Firewall Rule Change Request Form

Firewall Rule Change Request Form

1Carleton University Information Security,

CONFIDENTIAL & SENSITIVE, Version 03August27, 2015

In order to properly maintain the security of the Carleton University network infrastructure, the configuration of rules on CCS-managednetwork firewalls must be properly maintained.Changes to the rule configuration of CCS-managed firewalls must follow the procedures described in this document (see below “Instructions for Requesting Firewall Rule Change on CCS-managed Firewall”).

Unless an emergency change is required (see next page), the Network Services group will not make firewall changes without a completed Firewall Rule Change Request Form.

Instructions for Requesting Firewall Rule Change on CCS-managed Firewall:
1.The requestor will complete the Firewall Rule Change Request Form and submit it to the CCS Service Desk requesting to open a ticket. The Firewall Rule Change Request Form must be submitted in MS Word format. The form is located at (provide link).
2. The CCS Service Desk will log the request and create a ticket in CSM. The Firewall Rule Change Request Form will be attached to the ticket.
3. The CCS Service Desk will review the Firewall Rule Change Request Form to ensure that all required information is in the form. If the information is complete, the CCS Service Desk will assign the ticket to Information Security. If the information is incomplete, the CCS Service Desk will contact the Requestor and assist in completing the form correctly. If changesare made in the form, the Requestor is required to re-submit the updated form to the CCS Service Desk.
4. Information Security will review the ticket and Firewall Rule Change Request Form. If required, Information Security will coordinate with the Requestor.
5. If Information Security approves the request the ticket will be assigned to Network Services for implementation. If the request is denied, Information Security will notify the requestor and close the ticket.
6. For approved requests, Network Services will implement the request. If needed, Network Services will contact the Requestor and/or Information Security.
7. Upon completion of the request, Network Services will close the ticket.
Section A – Contact Information

• Requestor Name:

• Phone ext:

• Email:

• Secondary Contact Name:

• Secondary Phone ext:

• Secondary Email:

• Dept Name:

• Date of Request:

Section B – MANDATORY REQUIREMENT - Business Reason for the Change

1Carleton University Information Security,

CONFIDENTIAL & SENSITIVE, Version 03August27, 2015

Section C–Overview of Firewall Change

• Desired date of change:
• Date of Expiry (not to exceed 5 years) YYYYMMDD:
• What is the nature of this change:

Add a new system or a new firewall rule
Change an existing system or existing firewall rule
Move an existing system between networks
Remove/disable an existing system or existing firewall rule
Section D – Firewall Rule Change Information

• Please complete the table below. The rules described in the table below will be applied to the firewall to grant/restrict access appropriately. If you require assistance, please contactthe CCS Service Desk.

Source
(Identify either Host, Network, or User Group) / Destination
(Identify the Host, network, or User Group to which you are trying to permit/deny access) / Port / Service
(List the port/service to be opened/closed) / Permit/Deny
(Indicate whether you are trying to ‘permit’ or ‘deny’
Summary: (In general terms, describe the network communications that the above rules are intended to achieve. Please also describe the type of information, data classification and sensitivity)
Section E – MANDATORY REQUIREMENT

• Are the Endpoints Hardened to Industry Standards?: Y N Don’t know

• Are the Endpoints Running Security Software?: Y N Don’t know

• Are the Endpoints Regularly Patched?: Y N Don’t know

• I consent to having CCS perform a vulnerability assessment scan on this system prior to approving this request? : Y N Don’t know

Note: Failure to consent to a vulnerability assessment may result in rejection of this request
If you answered “Don’t know” to any of these questions please provide details as to why this particular response is selected:
______
Emergency Changes:
Under certain circumstances, an emergency change to the firewall configuration may be required. The following scenarios constitute a need for emergency changes to the firewall:

• To respond to a security attack against Carleton University IT infrastructure; and
• To provideimmediate access to existing services that are essential to support the business of the University.

All other firewall changes must follow the regular change procedure described within this document.
In the event that an emergency change must be made to the firewall configuration, do the following:

1. Please notify the CCS Service Desk. This may be done via email or phone.
2. Provide Network Services with details of the required change.
3. The Firewall Rule Change Request Form for the change must be completed and submitted to the CCS Service Desk by the Requestor within 2 business days or the change will be reversed.

This section is for completion by CCS
Is the Requestor Identity Confirmed? Y N
Was a VA (Vulnerability Assessment) Performed? Y N
Request Status:
Approved:
Rejected:
Reason for rejection:
Approval Signature: Date:

43

1Carleton University Information Security,

CONFIDENTIAL & SENSITIVE, Version 03August27, 2015