Firewall Wizards mailing list archives
Re: newbee to firewalls
From: Steve George <stevege () i-way net uk>
Date: Sun, 1 Aug 1999 17:54:30 +0100
Hmm, I'd say the first question is 'Is the client serious about security?', often initially a company is not serious about security, they are just trying to satisfy 'due diligence'. If they are not you have to try and assess the risk: 'what assets do they have, how likely are they to be attacked, is the cost of protection higher than the asset worth' and you may have to convince the influencers that there is risk. So the first step is risk assessment often in conjunction with education.
From there you move onwards to the planning of the system. What are we trying to protect, what features does the client want (this may or may not have anything to do with the system you plan but is important) and what are the aims/budget. In other words you detail the scope of the system, what it will do and how, and more importantly what it WON'T do: that way no-one is confused about the limits. The client has to agree/negotiate with this.
Then you're into the actual plan of each element and how they will interact. This specifies how each element acts and clarifies how the sections interact. For example how does the virus protection interact with the firewall etc. Often this clarifies muddy water or twists you didn't foresee: often the client comes up with some wrinkle they didn't think was 'important' at the time.
Then you implement the system.
Finally, you are into the continued growth and evolvement of the system. The business environment changes so the client requires VPNs hence you have to manage the changes with them: give them the important things and be firm about the dangerous ones - eventually it is their decision. This is the hard part because it is easy to say NO but businesses don't function because of security, it's a support function.
Personally, I think the management side is the hardest. You can learn all you are likely to need technically from some books, some experimentation and a lot of thought. But the people issues are just something you discover as you go along (like trying to find the light-switch in a dark unfamiliar room).
If this isn't going to be a permanent job you might consider trying to learn enough to be able to ask the right questions of someone for whom it is a full time job. The ability to hire the right people for specialist work is, I think, a rare skill in itself.
Good luck,
Steve
On Fri, Jul 30, 1999 at 01:24:27PM -0400, RAYMOUR () aol com wrote:
The company I work for has assigned me the task of learning Internet Security/Firewalls. I have been surfing for info and have found a lot of information. Also I have ordered a couple of books "Building Internet Firewalls" and "Firewalls and Internet Security" which have been mentioned at this site. My problem is that I was given this assignment Monday July 26 and I'm supposed to have some questions on what is needed to start this process. Can anyone help me out on what kinds of questions I should be asking to start the process rolling? I know I need to "READ" "READ" "READ".
-- "Hacker, terrorist, pornographer, drug trafficker," "That's it -- the four horsemen of the Apocalypse." J.Granick referring to the US public's fears.