From: f.harster (f.harsterevc.net)
Date: Thu May 09 2002 - 03:34:00 CDT

    Rhino Bond wrote:

    >Folks,
    >
    >Since many of us are intensely committed to learning,
    >research and knowledge I felt it appropriate to post
    >this here. At my current contract we are trying to
    >come up with a set of rules that is "all inclusive"
    >(as much as possible). Granted a Security Policy is
    >part of it, so are firewall rules, so might be the
    >rules for the IDS. When I asked for further
    >clarification on this topic, I was told, "you know
    >something like "fuzzy-logic" that states IF "A" then
    >"Z" (for example a hacker is hacking away at the
    >firewall), BUT if the hacker breaks through the
    >firewall, then We need to jump to IDS rules, so now
    >it's IF B then Y, and if the hacker gets into the
    >corporate piggy bank and steals money, then it's IF C
    >then X...
    >
    >Any thoughts on this? Anyone seen a white paper on
    >such a set of rules?
    >
    David,

    Actually, this reminds me of the "Defense-in-Depth" concept applied to
    network/system security, but I may be wrong ;)
    Have a look at this one in the meantime:
    http://rr.sans.org/start/primer.php

    cheers
    Fred