Policy ? (was RE: Penetration Tests)
Capt Jim Bailey - SSG/SINS - DSN 596-6106 (bailey ddn.af.mil)
Fri, 26 Sep 1997 14:36:49 -0500 (CDT)
>
> Note that for any testing --- any useful security work at all, for that matter
> --- you've gotta have a security policy in force; it has to do a good job of
> reflecting the organization's needs, it has to have management support, and it
> has to specify enough detail so it defines a spec that the security
> infrastructure must meet. And you know, once you get done with _that_ chore
> merely certifying the correctness of a firewall seems like a piece of cake.
>
> -Bennett
>
>
I think everyone agrees that having a solid security policy is needed before
implementing any feasible security architecture. My question is what does
this policy encompass? My question is not directed at the technical details
of how to get things done, but more towards the high level that has to be
sold to Joe and Jane user, the management, etc. Are you looking at writing
a document that states such general things like "don't use the network for
unofficial business"? Or do you get more specific like "all web traffic
will be proxied and only allowed to the following sites..."
Jim Bailey
This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:08:58 CDT