Firewall Wizards mailing list archives
Re: Practical Firewall Metrics
From: "Marcus J. Ranum" <mjr () nfr net>
Date: Fri, 20 Feb 1998 14:40:30 -0500
Michael Brennen writes:
I'm surprised you support this for the simple reason you point out: vendors can claim anything they want. Calling a template a "highly paranoid access policy" is useless unless you have the understanding to verify that it in fact does what you need. I distrust vendor packages / templates / etc. for precisely this reason: I don't trust them to keep *my* best interest beyond *their* own best interest.
Right. That's why I said that the regulatory bodies that own various fields of endeavour should have defined the templates in accordance with best business practice for each area. It shouldn't/can't come from the firewall vendor but if the SEC published the template standards and the firewall vendors implemented those as packaged configurations for their products then we'd be able to meaningfully audit compliance. mjr. -- Marcus J. Ranum, CEO, Network Flight Recorder, Inc. work - http://www.nfr.net home - http://www.clark.net/pub/mjr
Current thread:
- INtrusion Detection Gary Crumrine (Feb 17)
- Re: INtrusion Detection Frederick M Avolio (Feb 18)
- Re: INtrusion Detection Aleph One (Feb 18)
- Practical Firewall Metrics...Was: INtrusion Detection Christopher Nicholls (Feb 20)
- Re: Practical Firewall Metrics Marcus J. Ranum (Feb 20)
- Re: Practical Firewall Metrics Michael Brennen (Feb 20)
- Re: Practical Firewall Metrics Marcus J. Ranum (Feb 20)
- Re: Practical Firewall Metrics Christopher Nicholls (Feb 24)
- Practical Firewall Metrics...Was: INtrusion Detection Christopher Nicholls (Feb 20)
- Re: Practical Firewall Metrics Bennett Todd (Feb 20)
- Re: Practical Firewall Metrics Leonard Miyata (Feb 20)
- Re: Practical Firewall Metrics...Was: INtrusion Detection Bennett Todd (Feb 20)
- <Possible follow-ups>
- Re: INtrusion Detection tqbf (Feb 18)
- Re: INtrusion Detection Adam Shostack (Feb 18)
- Re: INtrusion Detection Vern Paxson (Feb 18)
- Re: INtrusion Detection Marcus J. Ranum (Feb 18)
- Re: INtrusion Detection tqbf (Feb 18)
- RE: INtrusion Detection Gary Crumrine (Feb 19)