{"id":2403,"date":"2019-10-14T20:51:14","date_gmt":"2019-10-15T00:51:14","guid":{"rendered":"https:\/\/zzzptm.com\/wordpress\/?p=2403"},"modified":"2019-10-14T20:51:14","modified_gmt":"2019-10-15T00:51:14","slug":"auditing-firewalls","status":"publish","type":"post","link":"https:\/\/zzzptm.com\/wordpress\/?p=2403","title":{"rendered":"Auditing Firewalls"},"content":{"rendered":"\n<p>There&#8217;s an old Robert Frost poem, &#8216;Mending Wall&#8217;, that I&#8217;d like to&nbsp;<s>pirate<\/s>&nbsp;draw inspiration from and make a few adaptations to, if you don&#8217;t mind&#8230;<\/p>\n\n\n\n<p><em>Auditing Firewalls<\/em><\/p>\n\n\n\n<p><em>Something there is that doesn&#8217;t love firewalls,<\/em><br><em>That opens the ports, many and varied,<\/em><br><em>And spews out the code in plain text in prod;<\/em><br><em>And makes gaps even two can pass abreast.<\/em><br><em>The developers&#8217; work&#8217;s another thing:<\/em><br><em>I have come after them and made repair<\/em><br><em>Where they have left not one single port blocked,<\/em><br><em>But they would have the code loaded straight to prod,<\/em><br><em>To please the yelping dogs. The gaps I mean,<\/em><br><em>No one has seen them made or heard them made,<\/em><br><em>But at spring audit-time we find them there.<\/em><br><em>I let my neighbor know in the next cube;<\/em><br><em>And on a day we meet to read configs<\/em><br><em>And set firewalls between us once again.<\/em><br><em>We keep firewalls between us as we go.<\/em><br><em>To each open ports that have opened to each.<\/em><br><em>And some are ranges and some are in groups<\/em><br><em>We have to use a spell to keep them all closed:<\/em><br><em>&#8216;Stay where you are until our backs are turned!&#8217;<\/em><br><em>We wear our fingers rough with scrolling down.<\/em><br><em>Oh, just another dull video game,<\/em><br><em>I call out the new insecurities<\/em><br><em>There where it is we all need those firewalls:<\/em><br><em>Where contractors connect to prod boxes<\/em><br><em>Where file servers sit, shares all exposed<\/em><br><em>To outsiders&#8217; eyes. And we accept risk.<\/em><br><em>He just says, &#8216;Good firewalls make good neighbors.&#8217;<\/em><br><em>Spring is the mischief in me, and I wonder<\/em><br><em>If I could put a notion in his head:<\/em><br><em>&#8216;Why do they make good neighbors? Isn&#8217;t it<\/em><br><em>Where they segment traffic?&#8217; But no segments,<\/em><br><em>No zones define our flat, inner network<\/em><br><em>Contractors here mixed with outsourcers there,<\/em><br><em>Aren&#8217;t firewalls and segments for those neighbors?<\/em><br><em>Something there is that doesn&#8217;t love firewalls,<\/em><br><em>That wants it down. I could say &#8216;Scrums&#8217; to him,<\/em><br><em>But it&#8217;s not scrums exactly, and I&#8217;d rather<\/em><br><em>He said it for himself. I see him there<\/em><br><em>Auditing a rule that&#8217;s permit all all<\/em><br><em>The CISO told him to accept the risk.<\/em><br><em>He moves in darkness as it seems to me,<\/em><br><em>Not of woods only and the shade of trees.<\/em><br><em>He will not go behind his CISO&#8217;s saying,<\/em><br><em>And he likes having thought of it so well<\/em><br><em>Once again, &#8216;Good firewalls make good neighbors.&#8217;<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>There&#8217;s an old Robert Frost poem, &#8216;Mending Wall&#8217;, that I&#8217;d like to&nbsp;pirate&nbsp;draw inspiration from and make a few adaptations to, if you don&#8217;t mind&#8230; Auditing Firewalls Something there is that doesn&#8217;t love firewalls,That opens the ports, many and varied,And spews out the code in plain text in prod;And makes gaps even two can pass abreast.The [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8,12],"tags":[],"class_list":["post-2403","post","type-post","status-publish","format-standard","hentry","category-complete-fiction","category-security"],"_links":{"self":[{"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/2403","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2403"}],"version-history":[{"count":1,"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/2403\/revisions"}],"predecessor-version":[{"id":2404,"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/2403\/revisions\/2404"}],"wp:attachment":[{"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2403"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2403"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2403"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}