Firewall Wizards mailing list archives

Re: Practical Firewall Metrics


From: "Marcus J. Ranum" <mjr () nfr net>
Date: Fri, 20 Feb 1998 14:40:30 -0500

Michael Brennen writes:
> I'm surprised you support this for the simple reason you point out:
> vendors can claim anything they want.  Calling a template a "highly
> paranoid access policy" is useless unless you have the understanding
> to verify that it in fact does what you need. I distrust vendor
> packages / templates / etc. for precisely this reason: I don't trust
> them to keep *my* best interest beyond *their* own best interest.

Right. That's why I said that the regulatory bodies that own
various fields of endeavour should have defined the templates
in accordance with best business practice for each area. It
shouldn't/can't come from the firewall vendor but if the SEC
published the template standards and the firewall vendors
implemented those as packaged configurations for their products
then we'd be able to meaningfully audit compliance.

mjr.
--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr
