Re: Thinking about Security rules...

["f.harster" <f.harster () evc net>]

Rhino Bond wrote:

> Folks,
>
> Since many of us are intensly commited to learning,
> research and knowledge I felt it appropriate to post
> this here.  At my current contract we are trying to
> come up with a set of rules that is "all inclusive"
> (as much as possible).  Granted a Security Policy is
> part of it, so are firewall rules, so might be the
> rules for the IDS.  When I asked for further
> clarification on this topic, I was told, "you know
> something like "fuzzy-logic" that states IF "A" then
> "Z" (for example a hacker is hacking away at the
> firewall), BUT if the hacker breaks through the
> firewall, then We need to jump to IDS rules, so now
> it's IF B then Y, and if the hacker get's into the
> corporate piggy bank and steals money, then it's IF C
> then X...
>
> Any thoughts on this?  Anyone seen a white paper on
> such a set of rules?
David,

actually this reminds me of the "Defense-in-Depth" concept applied to 
network/system security, but i may be wrong ;)
have a look at this one in the meantime : 
http://rr.sans.org/start/primer.php

cheers
Fred