Firewall Wizards mailing list archives
Re: Security Policy methodologies
From: Rick Smith <smith () securecomputing com>
Date: Wed, 31 Dec 1997 10:23:34 -0600
At 6:55 PM -0600 12/29/97, Bret Watson wrote:
> I'm seeking information on any methodologies for developing Security Policies.
I've seen two general approaches: top down or bottom up. Though you're obviously doing the top-down approach, let me comment briefly on the alternative. I think there was a paper by some folks at Hanscom AFB on this at ACSAC in '96. The basic approach was to identify the types of network traffic currently present, justify all that traffic, and then configure the firewall to support that traffic.

First, they ran a firewall with no filtering enabled but with all logging enabled in order to identify all traffic passing through their point of presence. Then they systematically accounted for all traffic they could. This consisted of contacting the people using various services and protocols to verify that the communications were in fact intended and that they supported an appropriate mission. Then they configured the firewall to support exactly the traffic required. In a few cases they couldn't track down the users of some obscure things, so they just disabled them. Naturally, a few protocols were not detected during their analysis phase and had to be added later.

Personally, I don't think this is a way to achieve recognizable security objectives. But it's not clear to me that a heterogeneous organization can achieve such objectives with a multifunction Internet connection. At some point the firewall lets through so much traffic that it's simply a deterrent: a fig leaf instead of a suit of armor. This is considered acceptable security in many places.

An interesting wrinkle I've seen recently in doing top-down analysis and decomposition is the recent dissertation by Darrell Kienzle on using a variant of fault trees to do the analysis. Assuming it hasn't moved, a recent paper on the concept resides at http://www.cs.virginia.edu/~dmk8r/NSPW97.ps while a copy of his dissertation is at http://www.cs.virginia.edu/~dmk8r/MOAT.ps

At least, this work suggests a syntactic structure to use when analyzing security policy issues. But he doesn't say much on appropriate semantics, which remains the killer issue IMHO.

Rick.
smith () securecomputing com    Secure Computing Corporation
"Internet Cryptography" at http://www.visi.com/crypto/ and bookstores
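
The bottom-up procedure described in the message above (log everything, account for each service, allow only what was justified), sketched as an added example that is not part of the original post or the paper it mentions. The log format, addresses and service inventory are constructed assumptions.

```python
from collections import Counter

# Constructed sample log from the "no filtering, full logging" phase.
# Assumed line format: proto src dst dport
LOG = """\
tcp 10.1.4.22 192.0.2.10 25
tcp 10.1.4.22 192.0.2.10 25
tcp 10.1.7.5 198.51.100.8 80
udp 10.1.2.9 192.0.2.53 53
tcp 10.1.9.40 203.0.113.77 6667
tcp 10.1.7.5 198.51.100.8 80
bogus line
"""

# Constructed inventory: services whose users confirmed intent and mission.
JUSTIFIED = {
    ("tcp", 25): "mail relay, owner: messaging group",
    ("tcp", 80): "outbound web, owner: all staff",
    ("udp", 53): "DNS, owner: network ops",
    ("tcp", 21): "FTP drop box, owner: publications",
}

def observe(log_text):
    """Tally every (proto, dport) seen and which sources used it."""
    seen, sources, skipped = Counter(), {}, []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            skipped.append(line)  # keep unparseable lines for manual review
            continue
        proto, src, _dst, dport = parts
        key = (proto, int(dport))
        seen[key] += 1
        sources.setdefault(key, set()).add(src)
    return seen, sources, skipped

def build_policy(seen, sources, justified):
    """Split observed traffic into allow-list, unaccounted, and never-observed."""
    allow = sorted(k for k in seen if k in justified)
    # Unaccounted traffic: list the sources so their users can be contacted.
    unaccounted = {k: sorted(sources[k]) for k in seen if k not in justified}
    # Justified but absent from the log window: candidates to be "added later".
    not_observed = sorted(k for k in justified if k not in seen)
    return allow, unaccounted, not_observed

if __name__ == "__main__":
    seen, sources, skipped = observe(LOG)
    allow, unaccounted, not_observed = build_policy(seen, sources, JUSTIFIED)
    print("allow:", allow)
    print("disable or chase owners:", unaccounted)
    print("justified but not seen:", not_observed, "| skipped:", skipped)
```

The third output is the gap the message points out: a service that never appeared during the logging window is invisible to this method until someone reports it missing.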