Firewall Wizards mailing list archives
Re: Overall, GENERIC Security Rules
From: bve <bve () quadrix com>
Date: Tue, 28 May 2002 18:06:56 -0400
I have been scouring the Internet for more than a week looking for a white paper, or something that has a list of GENERIC security rules that apply to everything from the cisco choke router, to the bastion host, to the access router, and the IDS system, and the log parsers (NSM/open.com), and the hosts... We know how to configure the individual pieces, but has anyone thought about the whole ball of wax, holistically, and wrote about it? The closest thing I've found is the HoneyNet project documents, but it's still a conglomeration of pieces... Anyone seen anything like what I'm trying to describe?
I had an article published that was a 10,000 ft level description of the basics of security. I called it, "The Five Fundamental Principles of Security." It was designed for executives and other non-techies, and covered the following: 1.100% security does not exist. 2.Security risks are directly proportional to software complexity. 3.Implement security in layers. 4.Don't allow a breach to be leveraged elsewhere. 5.You're never done! You must keep up-to-date on software packages, drivers, and security alerts. Log files must also be regularly reviewed for anomalies. Were you looking for something like this? It's not an in-depth article, but it does try to address security from a more holistic point of view. If you like, I can probably scrounge up a link for it.... -Bill Van Emburg Quadrix Solutions, Inc. http://quadrix.com _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Overall, GENERIC Security Rules bve (May 29)