Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Exchange & Blackberry

From: strider () mailworks org
Date: Tue, 22 Jun 2004 07:32:43 -0500
All true Paul, but you know us techno weenies don't want to deal with
policy, risk assessments, etc...we want to play with toys ;)

Don
On Tue, 22 Jun 2004 08:13:42 -0400 (EDT), "Paul D. Robertson"
<paul () compuwar net> said:


More importantly, what does your security policy say about the
requirements for such servers/services?

Every decision point shouldn't require a completely new assessment, it
should require going into a category of risk management that's already
outlined, with the appropriate software and hardware infrastructure needs
outlined, and adjusting for the quirks of the particular thing.

For instance "This type of server only gets access to the communications
segment," or "This type of server doesn't get carte blanch access to the
internal network," or "This type of server has to be on a separate
external segment" are all valid security policy statements- but the
policy
should address such things at a macro level, with detailed adjustments
for implementation.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal
opinions
paul () compuwar net       which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure
Corporation

-- 
  
  strider () mailworks org

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: