>From firewalls-owner @
GreatCircle .
COM Fri Sep 8 13:01:46 1995
>Subject: Corporate Audits
Dan writes:
>----------------------------------------------------------------------+
>| Dan Murphy | CWA Comm Products | 401 Alberto Wy, Los Gatos, CA 95032 |
>| Vox: (408) 358-1529 | Fax: (408) 356-7061 | Email: dmurphy @
cwa .
com |
>+----------------------------------------------------------------------+
>So, have any of you big-business wage-slaves had corporate auditors come
>into your shop and ask questions (perceptive or otherwise) about
>firewalls and network security yet, and if so, would you be willing/able
>to share such stories with the list? Better yet, does anybody work for
>one of the Used-To-Be-Big-7 accounting firms and know what they're doing
>internally about this?
>
I'll tell you one thing they better not be doing and thats trusting all
their defences to *just* the firewall.
Some of the ones I've talked with (that happened to -pass- their audit)
have gone to an internal approach of also securing the desktops and
enhancing the internal network.
The four "A"'s
Authentication
Authorization
Accountability
Access control
The firewall should be your best/strongest defence but it should *never*
be your _only_ defence
=======================================================================
Brad Powell : brad .
powell @
Sun .
COM
Sr. Network Security Consultant
SunNetworks, Sun Microsystems Inc.
=======================================================================
The views expressed are those of the author and may
not reflect the views of Sun Microsystems Inc.
=======================================================================
|
|
