Firewall Wizards mailing list archives
Re: Internet Security Review
From: Steve Kruse <jsk347 () worldnet att net>
Date: Mon, 13 Oct 1997 18:15:35 -0400
Ok folks...Mark (in a private E-Mail) pointed out a serious mistake I made here. I said "takes several days to complete". What I should have said "takes several weeks or months to complete". The real time involved is on the auditEE's part, not the auditOR's part, in that before they can do a serious evaluation, you must spend many many many hours preparing precise detailed information. The work of making detailed maps, listing operating systems, programs, rev/release levels, connections, policies, access-lists, firewall rules blah blah blah...must all be done before they ever set foot on site. Once on site, the time they are actually there doing the audit ranges on the complexity of the network from days to weeks. THEN, after the audit is completed, they will take some amount of time (up to another several weeks) preparing the report for executive management. So...comment gracefully accepted, Mark. Good point! Steve Kruse
Date: Mon, 13 Oct 1997 13:44:30 -0400 To: Mark Teicher <mht () clark net>, firewall-wizards () nfr net From: Steve Kruse <jsk347 () worldnet att net> Subject: Re: Internet Security Review In-Reply-To: <3.0.3.32.19971013021555.0335e108 () clark net> References: <19971012093330.51100 () rahul net>
<3.0.3.32.19971012105705.0093c120 () mail iss net> <3.0.3.32.19971007073301.0093c100 () mail iss net> <01BCD21F.1EC81720@gcrum () us-state gov> <01BCD21F.1EC81720@gcrum () us-state gov> <3.0.3.32.19971007073301.0093c100 () mail iss net> <19971007061828.59416@rahul.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 06:15 AM 10/13/97 +0000, Mark Teicher wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 What are people's thoughts on what an Internet Security Review is??What tools or programs would one use while conducting one, and how would one go about conducting one? /mht
Lots of stuff deleted to SAVE some bandwidth! <<<<<<<<<<
Most "complete" audits will take several days to complete and will require many hours of preparation, such as providing network maps, complete policy documentation, meetings with legal council, MIS, and executive staff, etc. before the actual assessment (audit) actually begins. Not an undertaking for the "cash impaired" or the "feel good all over" level some companies are looking for. Comments welcome - Flames Ignored!
***************************************************** * Steve Kruse Milkyway Networks * * Network Systems Engineer 1342 E. Vine St. #224 * * 407-847-8977 Voice Kissimmee, FL 34744 * * 407-847-7203 Fax http://www.milkyway.com * *****************************************************
Current thread:
- Re: Internet Security Review Steve Kruse (Oct 13)