At 12:33 07/03/01 -0300, Luiz Eduardo wrote:
>Hi,
>hello, I need to create a security policy. Can anybody help? could
>anybody supply one of your site as example?
- try a search or surf on www.sans.org
(fro example:
http://www.sans.org/infosecFAQ/policy/netsec_policy.htm
http://www.sans.org/infosecFAQ/policy/compliance.htm
...)
- try also: http://www.cerias.purdue.edu/coast/archive/index.html
and select "subject index", and then "security policy" (I can't give
you the direct link, since this is a "no pointing" site!)
- the "Building Internet Firewalls" book has a chapter devoted to this.
You can live without this book, but that would be a mistake:)
One of the simplest policies is:
"allow every outbound access, and deny every inbound access".
but this might not be acceptable (for example: email viruses can
come to you via outbound POP connections, ...).
Note that you need to define your policy in non-technical terms first
(this doesn't mean you shouldn't keep technicalities in mind, but
you should be able to minimize details). and only then describe the
implementation.
cheers,
mouss
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
