Firewall Wizards mailing list archives
RE: Small company question was Re: Firewall administration.
From: Eric <bealls () ix netcom com>
Date: Fri, 10 Oct 1997 16:20:21 -0700
Agreed, most small companies can get along pretty well with a template that says: "deny all except mail and web services". While the answers to Mark's questions may seem obvious, I still think it is very important to ask them from a due diligence standpoint. A mechanism then needs to be in place to review, approve, and add services on week 2 when the employees ask why they can't access certain web pages or buy stuff, do ftp, irc, etc. Having gone through the comprehensive (and seemingly umimportant) set of questions upfront with the IS manager (and company management?), methods of addressing these issues can be addressed in a (hopefully) easier fashion. Mark Teicher wrote:
[...] What should a small company do? [...] Usually I start off with is what would the company like do as in : Ask some of the basic questions: Why does company want to be on the internet? What is the potential issues related to being on the internet? How does this affect our business model? How does it change the business model with the Internet?
<snip>
I just couldn't see spending time on the above part; that was really
simple. Like everybody these days, they wanted email and www access from their desktops. A bit of additional questioning showed that they didn't want anything else. I gave a couple of leading questions ``wanna be able to buy things with secure web access --- use your credit card over the web to buy tickets or whatever''? "No", said he, so he doesn't need a crypto tunnel through his firewall. ``Wanna restrict what machines can send you active content (aplets)?'' "Sure, as long as I can easily update the list". Sounds right to me
Current thread:
- RE: Small company question was Re: Firewall administration. Eric (Oct 10)