Cyberattacks against educational institutions have increased nearly 50% since 2021. Attacks against institutions like the University of Wisconsin result in enormous resource costs, including lost intellectual property, reduced staff productivity, tarnished brand reputation and more.
Because of this, it is imperative that we remain secure behind a firewall (both physical and virtual) with proper Palo Alto infrastructure configuration. With this in mind, and in adherence to UW policy 1038, the team has developed a comprehensive self-attestation plan for firewall administrators. By implementing a self-attestation plan, UW can enhance our collective security posture, identify potential vulnerabilities, and maintain a robust defense against cyber threats.
Key components of the plan
The following is an overview of the key components involved in our self-attestation plan for firewall administrators.
Baseline rules and standard definition
Establish clear and comprehensive baseline rules and standards for firewall administration. This document outlines the desired security objectives, defines acceptable configurations, and provides guidelines for managing firewall access control lists and other security settings.
Self-assessment process
Define a structured self-assessment process that firewall administrators will follow on a regular basis. This process typically involves a review of firewall configurations, rule sets, access controls, logging mechanisms, and other relevant security parameters. View and submit the Firewall baseline attestation form here.
Checklist creation
Develop a checklist or questionnaire that covers various aspects of firewall administration. The checklist (updated by the UW Cybersecurity Office) should include key areas such as rule management, authentication mechanisms, intrusion prevention systems, logging and monitoring, and firewall updates and patching. Firewall administrators can use this checklist to systematically evaluate their adherence to security practices.
Frequency and schedule
Depending on the organization’s risk tolerance and regulatory requirements, self-assessments will be conducted periodically. Establish a schedule for the self-assessment and validation process, including specific dates or time frames when firewall administrators should complete their assessments.
Remediation plan
When deviations or vulnerabilities are identified during the self-assessment process, establish a clear remediation plan. This plan should outline the steps required to address identified issues, assign responsibilities to appropriate personnel, and set deadlines for resolution. Prioritize critical vulnerabilities that pose a significant risk to UW’s security profile.
Documentation and reporting
Maintain thorough documentation of self-assessment activities, including the checklist results, identified vulnerabilities, remediation efforts, and their outcomes. This documentation provides a historical record of the security posture of the firewall infrastructure and helps track progress over time. Additionally, generate reports summarizing the self-assessment findings, areas of concern, and recommendations for improving security measures. Some of these reports will also be included in the Deans IT Security Dashboard.
Training and awareness
Ensure that firewall administrators receive up-to-date training related to firewall administration best practices, security requirements, technologies, and emerging threats. If you are interested in taking the Firewall Administration compliance training, please complete and submit the sign-up form. Once you submit your information, it may take 2-3 days for you to receive access to the course.
Continuous improvement
Regularly review and update policies, standards, and procedures based on lessons learned and the changing security landscape. Incorporate feedback from firewall administrators and other relevant stakeholders to refine the self-attestation plan.
Accomplishments, work and timeline
Accomplishments
- Finalized a Canvas course for Firewall Administrators.
- Presented and gathered feedback from NFWAG regarding self-attestation and training.
- Planned development work with IAM to enable training certification enforcement.
- Completed pilot training group within DoIT.
- Kicked off the self-attestation period in October with supporting communications.
Upcoming Work
- Communicate with firewall administrators.
- Phase 2 – planning and discovery of Palo Alto Strata Cloud Manager.
Work in Progress
- Tracking self-attestation; targeting completion by January 31, 2025.
- Firewall administrators should complete the firewall self-attestation form for each firewall instance that they are assigned.
- Executing supporting communications for self-attestation reminders.
- Drafting a project update for ITCCC and Firewall Admins.
Timeline
- October 2024-January 31, 2025: Firewall self-attestation period.
- Firewall Admin certification requirements for read/write access to firewalls will begin post January 2025.
- Implement the free version of Palo Alto Strata Cloud Manager with lessons learned summary by June 30, 2025.