Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > NFR Wizards> 1997

NFR Wizards Archive: RE: Small company question was Re: Firewal

RE: Small company question was Re: Firewall administration.

Eric (beallsix.netcom.com)
Fri, 10 Oct 1997 16:20:21 -0700

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Next message: Magossa'nyi A'rpa'd: "firewall configurator Was: Firewall administration."
Previous message: Alfred Huger: "Re: DNS on the Firewall - security problem"
In reply to: Adam Shostack: "Re: DNS on the Firewall - security problem"

Agreed, most small companies can get along pretty well with a template that
says: "deny all except mail and web services". While the answers to Mark's
questions may seem obvious, I still think it is very important to ask them
from a due diligence standpoint. A mechanism then needs to be in place to
review, approve, and add services on week 2 when the employees ask why they
can't access certain web pages or buy stuff, do ftp, irc, etc. Having gone
through the comprehensive (and seemingly umimportant) set of questions
upfront with the IS manager (and company management?), methods of
addressing these issues can be addressed in a (hopefully) easier fashion.

Mark Teicher wrote:
> [...] What should a small company do? [...]
> Usually I start off with is what would the company like do as in :
> Ask some of the basic questions:
> Why does company want to be on the internet?
> What is the potential issues related to being on the internet?
> How does this affect our business model?
> How does it change the business model with the Internet?

<snip>

>>I just couldn't see spending time on the above part; that was really
simple.
Like everybody these days, they wanted email and www access from their
desktops. A bit of additional questioning showed that they didn't want
anything else. I gave a couple of leading questions ``wanna be able to buy
things with secure web access --- use your credit card over the web to buy
tickets or whatever''? "No", said he, so he doesn't need a crypto tunnel
through his firewall. ``Wanna restrict what machines can send you active
content (aplets)?'' "Sure, as long as I can easily update the list". Sounds
right to me

Next message: Magossa'nyi A'rpa'd: "firewall configurator Was: Firewall administration."
Previous message: Alfred Huger: "Re: DNS on the Firewall - security problem"
In reply to: Adam Shostack: "Re: DNS on the Firewall - security problem"

This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:09:09 CDT