Firewall Replacement Project Charter

ahemcurrent | Networks and Communications

21 Nov 2013 (3 years and 11 months ago)


ahemcurrent_568bf87e-ed82-410c-80ed-2a4cb0ccd66e.docx

Page 1 of 3

Firewall Replacement Project Charter

1. Project Information

Project ID: 1234ABC

Project Manager: TBC

Project Sponsor(s): Ben Doe

Project Executive: John Doe

Requested Date of Completion: August 2013

Project Tech. Lead: Tom Doe

Reason for Requested Date: If we begin in May, we need adequate time for ruleset analysis and implementation.

Client Stakeholder(s): Peter Doe

ITS / POIS Stakeholder(s): Christine Doe


2. Project Business Case

Background

The existing WCMC firewalls are around 10 years old and need to be replaced as soon as possible. Reasons below:


Problem and Opportunities

Existing firewalls cannot handle current internet bandwidth or CPU requirements. This leads to internet slowness, which is negatively impacting Email, Weill Business Gateway and data transfers. (P)

ITS does not have a process for periodically reviewing firewall rules (new rules are entered and never reviewed). This can lead to the following issues: (P)

- Similar rules performing similar functions can cause throughput and CPU degradation.

- Obsolete rules that are no longer necessary can lead to unauthorized network access.

- Rule sets growing too large can cause throughput and CPU degradation.


Project Goal(s)

The overall goal of this project is to upgrade our internet edge firewalls to address network speed issues, and to create processes for firewall rule reviews, firewall operations, and firewall rule requests.

Objectives Statement(s)

The high-level objectives for this project are as follows:

1. Analyze and clean up existing firewall rules, so that duplicate and/or obsolete (what else) rules are removed.

2. Create a test plan to verify that changes improve performance in all known performance-issue areas (i.e., data transfers, internet speed, CPU utilization, etc.).

3. Create a process for continuous firewall rule set maintenance.

4. Install Cisco firewalls (recently purchased), and run in parallel to existing Juniper firewalls, then migrate firewall traffic and rules to Cisco firewalls in stages.

5. Implement a process for periodic review of rules.

6. Test and deploy to production.

Business Benefits

If the above goals and objectives are met, this will resolve the current internet and data transfer slowness issues that are being caused by the existing firewalls, and rules within them.







3. Project Definition

In Project Scope

- Hire consultant to help audit and clean up existing rules

- Develop migration plan from Juniper to Cisco firewalls

- Perform an analysis of required hardware upgrades to connecting network and security devices as needed

- Implement new firewalls

- Cisco firewall training for Network and Security Engineers if required

- Perform migration

- Produce a test plan and execute

- Develop and implement a process for periodic audit and update of firewall rules

- Move to production

- Update Disaster Recovery Plans

- Decommission old firewalls


Out of Project Scope

- Firewall selection and procurement; the firewalls were already purchased.

- Redesigning the internet edge; this will be part of the Security Architecture Redesign project.

- Consultants will not perform the actual rule migration.


Assumptions

This work will not make it more difficult or impossible to migrate the internet edge to the BRB next year.

Constraints

- This project must be completed as soon as possible because of the negative operational impact

- Consultant availability may impact schedule of this project

- Developing a new process to audit and review rules may require additional resources


Project Integration Points

Project Integration Points:

Security Architecture Redesign Project: The outcome of this project will lead to a network redesign that may impact the physical or logical placement of these firewalls.

Service Now Project: This may result in additional scope in the Service Now project to integrate firewall requests and scheduled reviews.

Major System Integration Points:

- Border and Core Routers

- SourceFire IDS and IPS

- Web Proxies

- VPN


High Impact Risks

ITS may not have experience migrating from Juniper to Cisco firewalls, which may result in delays or migration failures that may cause unintended security risks or downtime.

Mitigated by:

- Training

- Use of consultants

- Testing before moving to production

- Security Review







Success Criteria

- New firewalls are deployed and internet slowness issues have been resolved.

- Firewall CPU utilization is within acceptable range of below 60%.

- Rules are consolidated and optimized as per consultant recommendations.

- Appropriate ITS engineers are trained to administer and troubleshoot new firewalls.

- Process has been implemented to periodically audit new firewall rules.



4. Project Budget

Account Number: 12345

Client Budget: $200,000

ITS Estimated Budget (Confidence Range -50% to +100%): $300,000

Comments:



5. Document Sign-off

Signee | Print Name | Signature | Date Signed
Project Sponsor(s) | | |
Project Executive | | |
PMO Associate Director | | |

By signing the above, the signees approve this project to move to the planning phase.