Firewall Wizards mailing list archives
Policy ? (was RE: Penetration Tests)
From: bailey () ddn af mil (Capt Jim Bailey - SSG/SINS - DSN 596-6106)
Date: Fri, 26 Sep 1997 14:36:49 -0500 (CDT)
Note that for any testing --- any useful security work at all, for that matter --- you've gotta have a security policy in force; it has to do a good job of reflecting the organization's needs, it has to have management support, and it has to specify enough detail so it defines a spec that the security infrastructure must meet. And you know, once you get done with _that_ chore merely certifying the correctness of a firewall seems like a piece of cake.
-Bennett
I think everyone agrees that having a solid security policy is needed before implementing any feasible security architecture. My question is what does this policy encompass? My question is not directed at the technical details of how to get things done, but more towards the high level that has to be sold to Joe and Jane user, the management, etc. Are you looking at writing a document that states such general things like "don't use the network for unofficial business"? Or do you get more specific, like "all web traffic will be proxied and only allowed to the following sites..."

Jim Bailey