Firewall Wizards mailing list archives
Re: Security Policy
From: Fred Donck <f.c.w.donck () siep shell com>
Date: Wed, 22 Oct 1997 08:33:55 +0200
Wolfi,

In ch.6 of the SAGE booklet nr.2, 'A Guide to Developing Computer Policy Documents', some useful resources are provided:

-----< Quote from the booklet >-------------

Archives and Directories
------------------------

COAST Security archive: archive of security related information which include links to documents about policies, laws etc.
http:///www.cs.purdue.edu/coast/archive

IETF Internet Drafts: recent relevant works-in-progress here include an update to the Site Security Handbook and a catalog of Internet training material.
http://www.internic.net/ds/dsintdrafts.html

SAGE Policy Archive: policy documents created using this guide I'm quoting from.
http://www.usenix.org/sage/hypertext/policies

State of Oregon vs. Randal Schwartz. Documentation on this case is maintained by the Friends of Randal Schwartz.
http://www.lightlink.com/fors

Articles, Papers & Books
------------------------

D.B. Chapman & E. D. Zwicky, Building Internet Firewalls, O'Reilly & Associates, Inc. 1995, pp. 377-392.

S. Hambridge & J.C. Sedayo, "Horses and Barn Doors: Evolution of Corporate Guidelines for Internet Usage," USENIX LISA VII, 1993.
ftp://coast.cs.purdue.edu/pub/doc/institutional_policies/horses.ps.Z

S.E. Hanson, Legal issues: A Site Manager's Nightmare, Stanford University, 1993.
ftp://coast.cs.purdue.edu/pub/doc/law+ethics/legal_issues_site_managers_nightmare.txt.Z

P. Holbrook, J. Reynolds, RFC1244: Site Security Handbook, Internet IETF, 1991.
ftp://ds.internic.net/rfc/rfc1244.txt

E. Nemeth, et al, Unix System Administration Handbook, 2nd. ed., Prentice Hall, 1995, pp. 722-750

----< Unquote >----

Hope this helps,
Fred

Wolfgang 'Robyn' Braun wrote:
Greetings

I'm currently working here for this organisation in Switzerland, one of my main jobs being to come up with a (hopefully reliable) firewall solution. So for some weeks now i read Chapman & Zwicky's book on firewalls, various security related newsgroups and mailing lists and chase every bit of information about firewall tools that i can find.

That's all ok so far. I made myself familiar with the tools i want to use and tested them out on a subnet i set up especially for this purpose. But since i'm subscribed to firewall-wizards, i get the feeling that something very basic is missing, and last night i found out what it is: A Security Policy!

You can really find tons of information on how to set up your screening routers, creating decent packet filter rules and setting up various application level proxies. But so far i didn't find any information on how to write a security policy - and i feel that it is rather important to have one if only to show it to the pointy haired manager.

Don't get me wrong, i know what should be allowed across the firewall and i know how to implement it (actually i already did it on my private subnet) - but i really don't know how to write a security policy.

Is there some sort of guideline on how to write a security policy?

regards
wolfi

--
-> Wolfgang Braun <braun () ai-lab fh-furtwangen de>
-> http://www2.ai-lab.fh-furtwangen.de/~braun
-> PGP Key fingerprint = F9 49 DC 2E A2 FC 5A 4C 91 70 8E AC 07 A7 27 98
-> finger me for public key
---------------------------------------------------------------------
--
+------------------- My opinions are my own ---------------------------+
| Fred Donck                   | Voice/Fax : +31-70-311-2374           |
| Unix System Engineer         | E-mail : fred () RealIT com (private) |
| Internet Technologist        | f.c.w.donck () siep shell com (work)  |
+------------------------------+---------------------------------------+