Security Basics mailing list archives
Re: DMZ / Firewall rule diagramming
From: Spigga <spigga () gmail com>
Date: Sun, 5 Dec 2004 23:19:39 -0600
For firewall rules specifically, use a Visio with squares representing each "zone" and use colored lines to indicate the permitted traffic patterns. Inbound blue, outbound green, with labels indicating protocol and port. Color code the zones to indicate security levels for that zone (assuming PIX). I wish I could show you what I mean but I cannot share our Visios.

Have one tab in a drawing dedicated to traffic flow and others for the network diagramming of each zone. You can also include the IP addresses of the firewalls and failover links.

I'd make you one to show what I mean but I don't have Visio on Linux; our design team does the drawings. If you like the idea but need to see it, let me know and I'll have one sanitized for you.

On Fri, 3 Dec 2004 09:15:43 +1300, Craig Humphrey <craig.humphrey () chapmantripp com> wrote:

Hi Charles,

Thanks for that, but I think you missed the point. I'm trying to come up with a "standard" way to describe ANY DMZ or Firewall rule set.

I already have pretty pictures of the physical layout of my DMZ, but it's a nice way to overlay the rules and data flows on that that I'm looking for.

Mogzy uses layers in Visio, which is an excellent idea. Though I'm still looking for a more formal method...

Surely the likes of SANS have something in this area? (I've done a google on their site, but turned up nada).

Later'ish
Craig

-----Original Message-----
From: Charles mckee [mailto:chuck619 () gmail com]
Sent: Friday, December 03, 2004 3:54 AM
To: Craig Humphrey
Cc: security-basics () securityfocus com
Subject: Re: DMZ / Firewall rule diagramming

For you to ask for a general firewall configuration, that is kind of tough. First of all we need to know what hardware and software you have access to. Where are you going to place your firewall? We need to see kind of where you intend to place it. What rulesets you want to employ.

I would advise you to take a look at some books about firewalling, DMZs, HoneyPots and Network Design. This way you can become more familiar yourself with it. What good is a firewall if one does not know where to place it, where its logs are kept and so forth.

Just my humble .02 cents.

Respectfully Yours
Chuck
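
Added example, not part of any message in this thread: the zone-and-colored-line convention described in the reply above, generated from a rule list as Graphviz DOT text (Graphviz is swapped in for Visio here). The zone names, security levels, rules and fill colors are constructed, and treating traffic toward a higher PIX security level as inbound is an assumption of this sketch.

```python
# Added example: DOT output stands in for a Visio drawing; all data is constructed.
# PIX-style security levels: 0 = least trusted, 100 = most trusted.
ZONES = {"outside": 0, "dmz": 50, "inside": 100}

# (source zone, destination zone, protocol, port) - constructed sample rules
RULES = [
    ("outside", "dmz", "tcp", 443),
    ("outside", "dmz", "tcp", 25),
    ("dmz", "inside", "tcp", 1433),
    ("inside", "outside", "tcp", 80),
    ("inside", "dmz", "tcp", 22),
]

def direction(src, dst, zones=ZONES):
    """Inbound = toward a higher security level, outbound = toward a lower one."""
    if src not in zones or dst not in zones:
        raise ValueError(f"unknown zone in rule: {src} -> {dst}")
    if zones[src] == zones[dst]:
        raise ValueError(f"{src} and {dst} share a level; direction is undefined")
    return "inbound" if zones[src] < zones[dst] else "outbound"

def zone_fill(level):
    """Color code a zone by security level (untrusted, intermediate, trusted)."""
    return "lightcoral" if level < 34 else "khaki" if level < 67 else "palegreen"

def to_dot(rules=RULES, zones=ZONES):
    """Return DOT text: one box per zone, one labelled colored line per zone pair."""
    merged = {}  # (src, dst) -> list of "proto/port" labels
    for src, dst, proto, port in rules:
        direction(src, dst, zones)  # reject bad rules before drawing anything
        merged.setdefault((src, dst), []).append(f"{proto}/{port}")
    lines = ["digraph firewall {", "  node [shape=box, style=filled];"]
    for name, level in sorted(zones.items(), key=lambda z: z[1]):
        fill = zone_fill(level)
        lines.append(f'  "{name}" [label="{name}\\nlevel {level}", fillcolor={fill}];')
    for (src, dst), labels in merged.items():
        # Convention from the reply above: inbound blue, outbound green.
        colour = "blue" if direction(src, dst, zones) == "inbound" else "green"
        label = ", ".join(labels)
        lines.append(f'  "{src}" -> "{dst}" [color={colour}, fontcolor={colour}, label="{label}"];')
    lines.append("}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(to_dot())
```

Keeping the rule list as the source and regenerating the drawing from it means the traffic-flow diagram cannot drift from the rules it was built from.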