Firewall Wizards mailing list archives
Security Policy
From: "Wolfgang 'Robyn' Braun" <braun () cassandra kiosk ch>
Date: Mon, 20 Oct 1997 15:20:59 +0200
Greetings I'm currently working here for this organisation in switzerland, one of my main jobs being to come up with a (hopefully reliable) firewall solution. So for some weeks now i read Chapman & Zwicky's book on firewalls, various security related newsgroups and mailing lists and chase every bit of information about firewall tools that i can find. That's all ok so far. I made myself familiar with the tools i want to use and tested them out on a subnet i set up especially for this purpose. But since i'm subscribed to firewall-wizards, i get the feeling that something very basic is missing, and last night i found out what it is: A Security Policy! You can really find tons of information on how to set up your screening routers, creating decent packet filter rules and setting up various application level proxies. But so far i didn't find any information on how to write a secuity policy - and i feel that it is rather important to have one if only to show it to the pointy haired manager. Don't get me wrong, i know what should be allowed across the firewall and i know how to implement it (actually i already did it on my private subnet) - but i really don't know how to write a security policy. Is there some sort of guideline on how to write a security policy? regards wolfi -- -> Wolfgang Braun <braun () ai-lab fh-furtwangen de> -> http://www2.ai-lab.fh-furtwangen.de/~braun -> PGP Key fingerprint = F9 49 DC 2E A2 FC 5A 4C 91 70 8E AC 07 A7 27 98 -> finger me for public key
Attachment:
_bin
Description:
Current thread:
- Security Policy Wolfgang 'Robyn' Braun (Oct 21)
- Re: Security Policy Fred Donck (Oct 22)
- Re: Security Policy Damir Rajnovic (Oct 22)
- Re: Security Policy Paul Pomes (Oct 23)
- Re: Security Policy Adam Shostack (Oct 22)
- Re: Security Policy Bennett Todd (Oct 22)
- Re: Security Policy Joseph S. D. Yao (Oct 23)
- Re: Security Policy Joseph S. D. Yao (Oct 23)
- <Possible follow-ups>
- Re: Security Policy Bill_Royds (Oct 22)
- RE: Security Policy Januszewski, Joseph (Oct 23)
- Re: Security Policy H. Morrow Long (Oct 23)
(Thread continues...)