Firewall Wizards mailing list archives

Re: Firewall Audit Programme/checklist


From: "Marcus J. Ranum" <mjr () nfr net>
Date: Tue, 17 Mar 1998 09:32:01 -0500

Bret Watson writes:
>> that are basically undocumented. :( What you really want isn't a
>> checklist, it's a flow-chart. A really BIG flow-chart that goes
>> kind of like:
>
> good idea - we might follow this one as well - thinking about it - it's more
> like a diagnostic chart than anything - which is what we are doing when we
> audit really...

That would probably help. As someone reminded me in mail, a checklist
is more useful for reminding you what to check, rather than instructing
you as to its significance. What'd be interesting, then, is a decision
tree that goes through the first levels of analysis, to whatever depth
is reasonably representable. Then the leaves of the tree would be
checklists of questions that should be answerable in the context of
that branch of the tree. Throughout the tree you could put "get this
information" directives at the various decision points.

It'd be pretty hellacious to develop such a document. It'd amount
to a paper-based expert system. Hm. If you're going that far why
not put it on a handheld..? :)   "Consultant in a box."  The one
thing I think would be an interesting side effect of a tree based
structure is that the top of the tree would change less often while
the leaves would change from O/S version to version.

mjr.
--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr
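
Added example, not part of the original message: a small sketch of the structure described above, with decision points that carry "get this information" directives and leaves that hold checklists keyed by O/S version. The class names, the `walk` function, and every question, answer and version label in the sample tree are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Leaf:
    # Checklists keyed by O/S version: the part expected to change most often.
    checklists: dict

@dataclass
class Decision:
    question: str
    gather: list      # "get this information" directives for this decision point
    branches: dict    # answer -> Decision or Leaf

def walk(node, answers, os_version):
    """Follow recorded answers down the tree.

    Returns (directives, pending_question, checklist). If an answer is
    missing, the walk stops there: pending_question names what to find out
    and checklist is None.
    """
    directives = []
    while isinstance(node, Decision):
        directives.extend(node.gather)
        answer = answers.get(node.question)
        if answer is None:
            return directives, node.question, None
        if answer not in node.branches:
            raise ValueError(f"no branch {answer!r} for {node.question!r}")
        node = node.branches[answer]
    checklist = node.checklists.get(os_version, node.checklists["default"])
    return directives, None, checklist

# Constructed sample tree; the questions and checklist items are illustrative only.
TREE = Decision(
    "Firewall type?",
    ["vendor and version", "network diagram"],
    {
        "packet filter": Leaf({"default": ["Is there a default-deny rule?"]}),
        "proxy": Decision(
            "Runs on a general-purpose O/S?",
            ["O/S version and patch level"],
            {
                "no": Leaf({"default": ["Who can reach the admin interface?"]}),
                "yes": Leaf({
                    "default": ["Which network services are listening?"],
                    "os-2.0": ["Which network services are listening?",
                               "Are the os-2.0 vendor patches applied?"],
                }),
            },
        ),
    },
)
```

Only the `Leaf` entries need editing when a new O/S version appears; the `Decision` nodes above them stay as they are.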


