Firewall Wizards mailing list archives

Re: Firewall administration


From: Anton J Aylward <anton () toronto com>
Date: Mon, 06 Oct 1997 23:55:31 -0400

At 12:44 PM 06/10/97 -0400, David Collier-Brown wrote:
## Reply Start ##

Rik Farrow wrote:
And services like NFS, which has an authentication mechanism
so weak as to be almost useless (similar to CIFS) do not
belong in this list.  Having a warning would be akin to having
a sticker on the dashboard which reads:

"Warning: due to the bad design of the doorlocking mechanism,
passengers may fall out when turning corners."

      From the security officer's point of view, there are two
      enemies: the attacker and his own management.  It is
      very important that one can say ``you ordered me to throw Sam 
      out of the car'' when management complains about the
      effects of opening the hole they asked for last week.  It's
      even more important to be able to send them a form to sign
      which says ``Turning on cornering will result in the 
      inadvertent ejection of passengers. I authorize
      this as an officer of the company''.


BRAVO DC-B, BRAVO!
This is what POLICY is all about.
It is also what being a security officer is about, that is 
taking the form to management and making them sign it.

By implication it also means you have to restrict access 
to the firewall configurator, that is keep it out of the hands
of anyone who isn't willing to either sign that form or demand
that an officer sign it.

And yes, I have been at sites where ANY of the network, host or Novell
administrators can change the firewall config, and did so without
consultation or logging.   Nightmare time!

/anton - who wonders what the firewall configurator's equivalent of the
         phrase "Code! What that's the _last_ thing I'll do" would be.

## Reply End ##


