Re: [fw-wiz] iso 17799

From: Dana Nowell (DanaNowell_at_cornerstonesoftware.com)
Date: 07/22/04

  • Next message: Darren Reed: "[fw-wiz] FEP - Firewall enhancement protocol" 
    To: Frederick M Avolio <fred@avolio.com>, Dana Nowell <DanaNowell@cornerstonesoftware.com>, Dana Nowell <DanaNowell@cornerstonesoftware.com>, "Marcus J. Ranum" <mjr@ranum.com>, "Paul D. Robertson" <paul@compuwar.net>
Date: Thu, 22 Jul 2004 10:33:34 -0400

    The stuff I'm talking about is things like, I have to punch a hole through
    a VPN from office A to office B for a protocol I've never seen before. Gee
    I bet with the collective experience of the list, someone else has. I
    COULD search google (try TSE protocol someday), get 40,000 hits the first N
    pages of which are patches, marketing drivel, and unrelated hits, so I have
    to start the 'refine the query' game. OR I could email the list and get N
    hundred private responses or create a thread that 90% of the list isn't
    interested in (like this one by now;). Or we COULD start to collect that
    stuff in one place. Does the technique change, no. I still weigh my
    options and decide if I need the protocol, I still look at alternatives (or
    ask the list). But in the end, whatever I pick, I still need to either buy
    a doo-dad and click a button OR build some firewall rules for a protocol I
    have no clue about.

    I don't like the click and sleep firewall strategy. So I'm going to learn
    about the protocol. I'm not going to take anyone's word exclusively, I am
    going to do my own testing. But I'm not beyond taking a helping hand if it
    is available as a starting point. I'd also like to avoid spending half an
    hour playing 'refine the query' with google.

    OK, I don't like any of my options, so I need to put together a risk memo
    to get the project either cleaned up or canned. So being a newbie, I
    haven't done one before, I'd like a sample. Great, I know this list where
    people probably have hundreds kicking about, I email. No one wants to post
    the doc to the list because it is long and/or not really interesting to the
    bulk of the list, so I get private email. Cool, problem solved, I'm happy.
     Now, enter the next newbie in need of the same sample ...

    So I guess I agree with you, things don't change, and they should. Either
    that or I have this thing for windmills and horses. ;)

    At 06:27 AM 7/22/2004 -0400, Frederick M Avolio wrote:
    >At 07:47 PM 7/21/2004 -0400, Dana Nowell wrote:
    >>IMO, the information is too dynamic. Any book would be obsolete before it
    >>hits the store. We need a dynamic resource that ebbs and flows with the
    >>changes on the net.
    >
    >At the risk of beating a dead horse (or being called a dinosaur --
    >firewall-wizards, January 1999 :-)), the stuff you are talking about does
    >not change. It just gets applied to new situations. I know that sounds
    >unbelievable. But it is true.
    >
    >f
    >
    >
    > 

    -- 
Dana Nowell     Cornerstone Software Inc.
Voice: 603-595-7480 Fax: 603-882-7313
email: DanaNowell_at_CornerstoneSoftware.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
  • Next message: Darren Reed: "[fw-wiz] FEP - Firewall enhancement protocol"