Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Questions to ask was: RE: Small company questions

From: "Mark Teicher" <mark-teicher () worldnet att net>
Date: Fri, 10 Oct 1997 19:48:21 -0400


Eric,

Yes, those questions are very important and should be stated, but also it
is ever evolving process throughout.
New questions arise after everything is at least somewhat installed.  Each
solution should be at least reviewed every 6 - 8 mos.
Most people who read Building Internet Firewalls will state 15 -18 mos. 
But the way emerging technology is going, I try to review every 6 -8 mos,
to ensure the business model of the company is still somewhat same.

The questions need to be addressed at the highest level and at the lowest
level to ensure agreement between all parties concerned in the setup of a
solution.

/mht

----------

From: Eric <bealls () ix netcom com>
To: 'Bennett Todd' <bet () rahul net>; firewall-wizards () nfr net
Cc: Mark Teicher <mht () clark net>; Adam Shostack <adam () homeport org>
Subject: RE: Small company question was Re: Firewall administration.
Date: Friday, October 10, 1997 7:20 PM

Agreed, most small companies can get along pretty well with a template

that 

says: "deny all except mail and web services".  While the answers to

Mark's 

questions may seem obvious, I still think it is very important to ask

them 

from a due diligence standpoint.  A mechanism then needs to be in place

to 

review, approve, and add services on week 2 when the employees ask why

they 

can't access certain web pages or buy stuff, do ftp, irc, etc.  Having

gone 

through the comprehensive (and seemingly umimportant) set of questions 
upfront with the IS manager (and company management?), methods of 
addressing these issues can be addressed in a (hopefully) easier fashion.

Mark Teicher wrote:

[...] What should a small company do? [...]
Usually I start off with is what would the company like do as in :
    Ask some of the basic questions:
            Why does company want to be on the internet?
            What is the potential issues related to being on the internet?
            How does this affect our business model?
            How does it change the business model with the Internet?


<snip>
Previous By Date Next
Previous By Thread Next

Current thread: