Re: Firewall rules standards

From: Glenn English (ghe_at_slsware.com)
Date: 03/30/05

    To: security basics list <security-basics@securityfocus.com>
    Date: Wed, 30 Mar 2005 13:39:07 -0700
    
    
    

    On Wed, 2005-03-30 at 14:11 +1000, Tran, Nhon wrote:

    > I support a number of customers using a number of different firewalls, and I
    > was wondering if anyone has any guidelines for the presentation of firewall
    > rules or any firewall conventions when it comes to documenting the rules,
    > i.e. name conventions for groups or services, or rules for the creation of
    > groups, or the description of a rule.
    > I know this would be hard and vary from administrator to administrator, but I
    > was wondering if there is some sort of standard? My goal is to reduce the
    > number of rules and make them readable.

    I don't know if this will address your problem (or even if it's going to
    work) but I'm in the design phase of a big, but simple, Perl script that
    is to generate config files for an IOS router, a PIX, a NOC, some Linux
    workstations and some OS X workstations on my networks.

    The idea is to have the firewall rules for, say, email generated in a
    single function so all the firewalls will do what I want them to and so
    the rules being generated will all be in the same place -- on the screen
    when I write the code -- so I can carefully deal with the syntax
    variations.

    And the comments are supposed to be such that a pass over the program
    with perldoc will generate my security policy -- the rules will be
    readable and the same in there, and I will (hopefully) never need to
    look at the actual rules on the various platforms.

    -- 
    Glenn English
    ghe@slsware.com
    GPG ID: D0D7FF20
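
An added example, not from the original message or its author: one way the design described above could look in Perl, with the email rule defined once, rendered for IOS, PIX and iptables, and documented in POD so that perldoc prints the policy text. The mail host address, ACL number 101, ACL name outside_in, the FORWARD chain and all function names are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample values: 192.0.2.25 is a documentation address; the ACL
# number (101) and ACL name (outside_in) are placeholders.
my $MAIL_HOST = '192.0.2.25';

# One renderer per platform, so the syntax variations sit side by side.
my %render = (
    ios => sub { my $r = shift;
        "access-list 101 $r->{action} $r->{proto} any host $r->{dst} eq $r->{port}" },
    pix => sub { my $r = shift;
        "access-list outside_in $r->{action} $r->{proto} any host $r->{dst} eq $r->{port}" },
    iptables => sub { my $r = shift;
        my $target = $r->{action} eq 'permit' ? 'ACCEPT' : 'DROP';
        "iptables -A FORWARD -p $r->{proto} -d $r->{dst} --dport $r->{port} -j $target" },
);

=head1 SECURITY POLICY

=head2 Email

Inbound SMTP (tcp/25) is permitted from any source to the mail host.

=cut

# The email policy is stated once, as data, next to the POD that documents it.
sub email_rules {
    return (
        { action => 'permit', proto => 'tcp', dst => $MAIL_HOST, port => 25 },
    );
}

# Render the same abstract rules in one platform's syntax.
sub generate {
    my ($platform) = @_;
    my $fmt = $render{$platform} or die "unknown platform: $platform\n";
    return map { $fmt->($_) } email_rules();
}

for my $platform (sort keys %render) {
    print "--- $platform ---\n";
    print "$_\n" for generate($platform);
}
```

Running perldoc on the file prints only the SECURITY POLICY section, while running the script prints the per-platform rule lines.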
    
    


