You will need a full vulnerability assessment. You will want a complete
"audit' comprised of before & after analysis. Will need a budget too (be
sure to include all hardware, software, one time charges, and any mgt/maint.
fees as well). Contact me with any specific questions.
Jonathan Goetsch
ComIT Solutions, Inc.
4540 Campus Drive
Newport Beach, CA 92660
949-252-5351 Office
[EMAIL PROTECTED]
www.comIT.org
Member; Board of Directors, www.aipoc.org
"... Envision a network... that really works"
-----Original Message-----
From: Dhlamini, Melusi [mailto:[EMAIL PROTECTED]]
Sent: Sunday, September 30, 2001 11:45 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Documenting Firewalls
Basically when documenting a firewall, it is like doing a business case for
a firewall.
1. You need to write why the need of the firewall (i.e. just a 1 page threat
analysis of your network),
2. How does the firewall provide security against the mentioned threats.
3. Type of firewall, supplier and the OS is running.
4. Maintenance agreement of the firewall.
5. Rules of the firewall in detail.
6. Who (personnel) who manages the firewall and their deputies.
7. How often do the rules get changed, and what's the process of changing
the rules (are stakeholders involved).
Kind Regards,
Melusi Dhlamini
Information Risk Management
KPMG
21 Riebeeck Street; PO Box 4609; Cape Town
Business Telephone: +27 (21) 408-7325
Business Fax: +27 (21) 419-7503
Mobile: +27 (82) 782-9110
Website: www.kpmg.com
E-Mail Disclaimer
The information contained in this communication is confidential and may be
legally privileged. It is intended solely for the use of the individual or
entity to whom it is addressed and others authorised to receive it. If you
are not the intended recipient you are hereby notified that any disclosure,
copying, distribution or taking action in reliance of the contents of this
information is strictly prohibited and may be unlawful. KPMG is neither
liable for the proper and complete transmission of the information contained
in this communication nor any delay in its receipt.
**********************************************************************
This email is intended only for the use of the individual or entity
named above and may contain information that is confidential and
privileged. If you are not the intended recipient, you are hereby
notified that any dissemination, distribution or copying of this email
is strictly prohibited. Opinions, conclusions and other information in
this message that do not relate to the official business of our firm
shall be understood as neither given nor endorsed by it.
**********************************************************************
