Pantek Library

Re: Security Approval Process

From: <securityfocus(at)not4not.mailshell.com>
Date: Thu Mar 27 2003 - 15:22:53 EST


I agree with John about centralization of the function, because any change to the firewall(s) and other edge elements (external routers and switches as well as remote access or VPN solutions) of corporate security should be a defined (written) process of request and confirmation. Centralization does not mean simply one location, but a part of your organization.

Centralization, as John correctly noted, should decrease the probability of a misconfiguration of certain parts of the solution (i.e., firewall, router, etc.), but sometimes middleware or other software can compromise security. I have seen very badly configured firewalls, not due to the security engineer implementing a request correctly, but because internal developers or network engineers did not understand the full ramifications of what they were requesting. NATing is a particular function that compromises many solutions.

I suggest that you have firewall rules and the configurations of DMZ routers and equipment printed and reviewed as part of the security function. It is all a part of your corporate security policy.

RAR
>From "JohnNicholson@aol.com" <JohnNicholson@aol.com> on 26 Mar 2003:

> Debbie -




Received on Fri Mar 28 10:03:53 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:03:59 EDT

