RE: DMZ / Firewall rule diagramming

["Craig Humphrey" <Craig.Humphrey () chapmantripp com>]

Hi Charles,

Thanks for that, but I think you missed the point.
I'm trying to come up with a "standard" way to describe ANY DMZ or
Firewall rule set.
I already have pretty pictures of the physical layout of my DMZ, but
it's a nice way to overlay the rules and data flows on that that I'm
looking for.

Mogzy uses layers in Visio, which is an excellent idea.

Though I'm still looking for a more formal method... Surely the likes of
SANS have something in this area? (I've done a google on their site, but
turned up nada).

Later'ish
Craig


> -----Original Message-----
> From: Charles mckee [mailto:chuck619 () gmail com] 
> Sent: Friday, December 03, 2004 3:54 AM
> To: Craig Humphrey
> Cc: security-basics () securityfocus com
> Subject: Re: DMZ / Firewall rule diagramming
>
> For you to ask for a general firewall configuation that is 
> kind of tough.
>
> First of all we need to know what hardware and software is you have
> access too..Where are you going to place your firewall.
>
> We need to see kind of where you intend to place it. 
>
> What rulesets you want want to employ.
>
> I would advice you to take a look at some books about firewalling,
> DMZ's, HoneyPots and Network Design. This way you can become more
> familiar yourself with it.
>
> What good is a firewall if one does not know where to place it, where
> it's logs are kept and so forth.
>
> Must my humble .02 cents.
>
> Respectfully Yours
> Chuck