Firewalls: Re: Net security

Firewalls
(March 1996)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Net security
From:	Adam Shostack <adam @ homeport . org>
Date:	Fri, 1 Mar 1996 10:25:40 -0500 (EST)
To:	MARK @ nzqa . govt . nz (Mark Goring)
Cc:	firewalls @ GreatCircle . COM
In-reply-to:	<70093731019BCCD1 @ nzqa . govt . nz> from "Mark Goring" at Mar 1, 96 09:32:13 am

Mark Goring wrote:

| Out of interest, as this seems to be the place to ask...
| Any opinions as to what level of security the system behind the firewall 
| should be?
| I recently attended a seminar where it was recommended the system behind 
| the firewall should be B2 level secure.

	It depends on what you have on the network.  :)

	Less flipantly, you need to weigh costs vs risk.  The reason
firewalls are useful is because it makes it possible to concetrate your
risks.  This is handy because its impossible to secure every machine
in a class B net.

	If you have a set of 12 machines which control the issuance of
money, you should make each of them quite secure.  If you have a lab
full of student acccess terminals, you should assume the lab contains
hostile folks and either tie it down very tightly, or label it
hostile.  Or both.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume

References:

Net security
From: Mark Goring <MARK @ nzqa . govt . nz>

Indexed By Date	Previous:	Re: catastrophe logs From: Adam Shostack <adam @ homeport . org>
Indexed By Date	Next:	Re: catastrophe logs From: Tim Keanini <blast @ crl . com>
Indexed By Thread	Previous:	Re: Net security From: Mike Malik -- Dover DE <mam @ ssds . com>
Indexed By Thread	Next:	Re: catastrophe logs From: Doug Hughes <Doug . Hughes @ Eng . Auburn . EDU>