Security Basics mailing list archives

RE: where should I start? help!


From: "DeGennaro, Gregory" <Gregory_DeGennaro () csaa com>
Date: Mon, 28 Jul 2003 10:08:34 -0700

I second this.  However, if your users are not used to this restriction, you
need to get both upper management backing for the policy and you need to
ease your users into this new comfort zone to prevent a reduction in human
production and to make sure you will not break anything that is being used
for production purposes.

Personally, I agree with blocking all inbound\outbound traffic and opening only
what is needed.  However, upper management will get angry if their employees
become disgruntled and stop working at the quality they were before.  You
will need to convince upper management that in the long run, their employees
will be more productive because of fewer distractions and they will not have
to worry about IP loss, monetary loss, or lawsuits from the lack of due
diligence of their network security.

Regards,

Greg DeGennaro Jr., CCNP
Security Analyst


-----Original Message-----
From: David Gillett [mailto:gillettdavid () fhda edu] 
Sent: Monday, July 28, 2003 9:59 AM
To: 'Jude Naidoo'; 'Jane Han'; 'ALLEN, DONALD S (AIT)';
Gregory_DeGennaro () csaa com
Cc: security-basics () securityfocus com
Subject: RE: where should I start? help!

  Blocking specific ports because they're "threats" sort of worked
okay around 1995.  In the Internet of the 21st century, it doesn't.

  The Right Way(TM) to define a firewall policy is to block all
traffic by default, and then open up what your organization actually 
needs.  That way, you can get away with ignoring new threats unless
they actually apply to stuff your organization does, instead of
constantly putting out fires each time the building catches.

David Gillett
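
Added example, not part of either message: a small first-match rule evaluator that compares the block-known-bad-ports approach with the default-deny policy described above. The rules, port choices and flows are constructed for a hypothetical organization.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny"
    direction: str   # "in" or "out"
    proto: str       # "tcp" or "udp"
    ports: range     # destination ports the rule covers

@dataclass(frozen=True)
class Policy:
    rules: tuple
    default: str     # action taken when no rule matches
    def decide(self, direction, proto, port):
        for r in self.rules:  # first matching rule wins
            if (r.direction, r.proto) == (direction, proto) and port in r.ports:
                return r.action
        return self.default

# Constructed policies (assumptions for illustration, not taken from the thread).
BLOCKLIST = Policy((
    Rule("deny", "in", "tcp", range(135, 140)),
    Rule("deny", "in", "tcp", range(445, 446)),
), default="allow")

DEFAULT_DENY = Policy((
    Rule("allow", "in", "tcp", range(25, 26)),     # assumed public mail server
    Rule("allow", "in", "tcp", range(443, 444)),   # assumed public web server
    Rule("allow", "out", "tcp", range(443, 444)),
    Rule("allow", "out", "udp", range(53, 54)),
), default="deny")

# Constructed flows: (direction, proto, destination port, note)
FLOWS = [
    ("in", "tcp", 443, "needed: public web"),
    ("out", "udp", 53, "needed: DNS"),
    ("in", "tcp", 445, "port the blocklist already knows about"),
    ("in", "tcp", 8081, "service nobody listed either way"),
    ("out", "tcp", 6667, "outbound to an unlisted port"),
]

def compare(flows=FLOWS):
    """Return (note, blocklist decision, default-deny decision) for each flow."""
    return [(note, BLOCKLIST.decide(d, p, port), DEFAULT_DENY.decide(d, p, port))
            for d, p, port, note in flows]

def exposure(policy, direction="in", proto="tcp"):
    """Count the ports in 1-65535 that the policy allows for this direction and protocol."""
    return sum(policy.decide(direction, proto, port) == "allow" for port in range(1, 65536))
```

With these constructed rules the blocklist still allows 65529 of 65535 inbound TCP ports, while the default-deny policy allows 2; the two unlisted flows are where the decisions differ.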

 
