Re: Interface (was Firewall administration and thoughts)
Mark Teicher (mht clark.net)
Mon, 06 Oct 1997 09:46:07 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
David,
OK, I tend to agree with you on some aspects of your GUI-like form
design. In GUI design (icons, rules, etc.), or interface, not all
operating systems and actions can be executed the same way. Most of
the current products account for this, or do not port to all
platforms due to reasons listed in my comments above and your
comments below.
The real trick to some of the neat GUI designs is to allow the user
or the system administrator to click a switch or screen detail on what
the GUI or interface is actually
installing/executing/removing/adding/changing from the system that is
being worked on, also a good debugging tool, and sometimes with
manual intervention, one can tweak the change just a hair to
accommodate those specials (i.e. smapd modifications, etc.).
Event notifications are a different issue since it all depends on what
the company network/security policy dictates as an event or what the
person in charge deems important. This can be a whole new thread in
itself. :)
/mht
At 08:31 AM 10/6/97 -0400, David Collier-Brown wrote:
>Following on from the GUI and dangerous-ergonomics discussion,
>I'd like to suggest that careful thought can give a gui which
>actually expresses what the security officer **wants** to know,
>in terms of what he's asked for.
>
> A trivial example: Imagine a forms-like interface where you
>select services you wish to turn on (ie, the usual dumb thing).
>Now turn it into a table, with the following columns:
>
>     Service | Ports Opened      | Risk
>---+---------+-------------------+-------------------
> X | Email   | smtp, 225/tcp     | Spam[1][2][3]
> X | News    | nntp, 119/tcp     | Spam[2][3]
>...
> X | NFS v2  | sunrpc, 111/udp   | Spoofing[4][5]
>   |         | portmapper        |
>   |         | mountd            |
>   |         | nfsd              | eavesdropping[9]
>
>With a bit of careful collection of dependencies, one can
>easily show the user that he just added spam-forwarding
>(footnote [1]) when he turned on mail, by changing the
>words ``Spam[1]'' to red....
>
>With a bit more work, you can show cross-product effects:
>turn on traceroute by opening a whole range of unprivileged ports
>(on a certain vendor's implementation of traceroute) and all
>of a sudden nfsd's ports are open, and ``eavesdropping[9]''
>turns bright orange.
>
>
>To summarize: a GUI designed from the point of view of a security
>officer would be good.
>
>--dave (Note: one could write one as an analyzer, without
> it needing to be part of the firewall controls at all) c-b
>
>--
>David Collier-Brown,  | Always do right. This will gratify some people
>185 Ellerslie Ave.,   | and astonish the rest.        -- Mark Twain
>Willowdale, Ontario   | davecb hobbes.ss.org, canada.sun.com
>M2N 1Y3. 416-223-8968 | http://java.science.yorku.ca/~davecb
>
>
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQA/AwUBNDjrne0580gyByN0EQJ7BQCgioRh1gMbkigmXbX3MWrobH9T0W8An19F
o6jTz8/Ugmg4blKmwtIbSt/P
=Fh7i
-----END PGP SIGNATURE-----
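The stand-alone analyzer idea from the quoted message, sketched as an added example that is not part of either poster's mail: it maps the ports a rule set opens back to the services listening behind them and marks each risk as requested (red) or as a cross-product side effect (orange). The catalogue, the rule set and the traceroute port range are constructed for illustration.

```python
from typing import NamedTuple

class Rule(NamedTuple):
    reason: str   # the checkbox the officer ticked
    proto: str
    lo: int       # first port opened
    hi: int       # last port opened

# Constructed catalogue modelled on the quoted table: service, daemon,
# protocol, listening port, risk label. Ports are the usual defaults.
LISTENERS = [
    ("News",   "nntp",   "tcp", 119,  "Spam"),
    ("NFS v2", "sunrpc", "udp", 111,  "Spoofing"),
    ("NFS v2", "nfsd",   "udp", 2049, "Eavesdropping"),
]

# Constructed rule set: News was requested; the traceroute range is an
# assumed stand-in for "a whole range of unprivileged ports".
SAMPLE_RULES = [
    Rule("News", "tcp", 119, 119),
    Rule("traceroute", "udp", 1024, 65535),
]

def analyze(rules, listeners=LISTENERS):
    """List every listener reachable through the rules and why.

    colour is "red" when the officer enabled that service himself and
    "orange" when it is exposed only as a side effect of another choice.
    """
    findings = []
    for service, daemon, proto, port, risk in listeners:
        causes = sorted({r.reason for r in rules
                         if r.proto == proto and r.lo <= port <= r.hi})
        if causes:
            colour = "red" if service in causes else "orange"
            findings.append((service, daemon, f"{port}/{proto}", risk, colour, causes))
    return findings

if __name__ == "__main__":
    for service, daemon, port, risk, colour, causes in analyze(SAMPLE_RULES):
        print(f"{service:7} {daemon:7} {port:9} {risk:14} {colour:7} via {', '.join(causes)}")
```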
This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:09:09 CDT