Firewall Wizards mailing list archives
Re: Firewall Audit Programme/checklist
From: "Marcus J. Ranum" <mjr () nfr net>
Date: Tue, 17 Mar 1998 09:32:01 -0500
Bret Watson writes:
that are basically undocumented. :( What you really want isn't a checklist, it's a flow-chart. A really BIG flow-chart that goes kind of like:good idea - we might follow this one as well - thinking about it - its more like a diagnostic chart than anything - which is what we are doing when we audit really...
That would probably help. As someone reminded me in mail, a checklist is more useful for reminding you what to check, rather than instructing you as to its significance. What'd be interesting, then, is a decision tree that goes through the first levels of analysis, to whatever depth is reasonably representable. Then the leaves of the tree would be checklists of questions that should be answerable in the context of that branch of the tree. Throughout the tree you could put "get this information" directives at the various decision points. It'd be pretty hellacious to develop such a document. It'd amount to a paper-based expert system. Hm. If you're going that far why not put it on a handheld..? :) "Consultant in a box." The one thing I think would be an interesting side effect of a tree based structure is that the top of the tree would change less often while the leaves would change from O/S version to version. mjr. -- Marcus J. Ranum, CEO, Network Flight Recorder, Inc. work - http://www.nfr.net home - http://www.clark.net/pub/mjr
Current thread:
- Re: NTp config - for the databases :}, (continued)
- Re: NTp config - for the databases :} Kees Hendrikse (Mar 12)
- Re: NTp config - for the databases :} Bret Watson (Mar 12)
- Re: NTp config - for the databases :} Kees Hendrikse (Mar 13)
- Re: NTp config - for the databases :} Bret Watson (Mar 13)
- Re: NTp config - for the databases :} Kees Hendrikse (Mar 12)
- Re: NTp config - for the databases :} Joseph S. D. Yao (Mar 13)
- Re: NTp config - for the databases :} John Painter (Mar 14)
- Firewall Audit Programme/checklist Bret Watson (Mar 16)
- Re: Firewall Audit Programme/checklist Marcus J. Ranum (Mar 16)
- Re: Firewall Audit Programme/checklist Chad Schieken (Mar 16)
- Re: Firewall Audit Programme/checklist Bret Watson (Mar 17)
- Re: Firewall Audit Programme/checklist Marcus J. Ranum (Mar 17)
- Re: Firewall Audit Programme/checklist blast (Mar 17)
- Re: Firewall Audit Programme/checklist tqbf (Mar 16)
- Re: Firewall Audit Programme/checklist kant (Mar 16)
- Re: DNS -vs- the firewall: security thoughts Bennett Todd (Mar 12)