Dave,
The Eagle (as well as most other firewalls) does come with a default
security policy - "deny all". Exceptions to the blanket deny must be
determined by the client. Although a competent consultant can help
you in formulating a comprehensive security policy, no one can tell you
what your policy should be. Policies are as unique as each organization
and must reflect the needs and expectations of that particular company.
Only you (collectively) can decide whether you will allow staff access
to http, for instance. If you decide you will, then only you can decide to
what extent you will allow access; i.e. unlimited, restricted to after-hours,
available only to certain groups within your organization, etc. etc.
Similarly, only you can decide to what extent you will/can allow external
access to your network and only you can determine what level of user
authentication you will be comfortable with. These are not the kind of
decisions you want someone else making for you.
The process of determining a comprehensive security policy is not an
easy one. It requires significant thought, effort, and time. Unfortunately
however, without this up-front investment, your firewall is not likely to
perform in the manner you want or need.
You asked "How many people really use a well thought out set of policies
and procedures with their firewalls?". The answer is "not nearly enough".
In point of fact, the "well thought out policies and procedures" should be
established first, and then the firewall should be selected based on its
ability to effectively implement your policies.
If you're really at a loss as to how to proceed, I would strongly recommend
seeking out a reputable consultant to help you. In your case, one with
experience with Eagle would be helpful, but certainly not essential since a
well constructed security policy should be platform independent.
Regards,
Brian
p.s. b.t.w., a well-constructed policy should not require constant tweaking of
the firewall.
At 07:48 AM 96/10/18 -0500, Dave Elfering wrote:
>As a recent newcomer to the firewall list, and for that matter to firewalls
>in general I've been wondering several points with regard to a project I've
>been assigned.
>
>My company has already purchased Raptor Eagle for NT (v 3.0.5) for our
>impending connection to the internet. My question isn't so much technical
>(though that's definitely time consuming), but rather on the political side
>of the street. Though I've been impressed with the relative simplicity of
>installing the Raptor software, I've been given no set of security policies
>to govern *how* I set it up. Moreover, I don't think there has been any
>thought to ongoing administration of the firewall once it is in place.
>
>How many people really use a well thought out set of policies and
>procedures with their firewalls? How much ongoing effort/maintenance does a
>product like Raptor (for NT) take once it's in place? My initial
>inclinations are two-fold; button the FW down extremely tight, or refuse to
>install it until better direction is forthcoming.
>
>Are there any trade rags which center on firewalls? I've scanned the WWW
>and not found any fruitful sites. I've already purchased the two best FW
>reference books I could find (Building INet Firewalls Zwicky&Chapman, FWs &
>Internet Security;Cheswick & Bellovin), but am really trying to tune more
>tightly into the industry.
>
>My apologies if these are not within the scope of the list, it just seems
>that no one talks about these aspects. Given my newness to the subject, I
>have no background data to use in an effort to push the matter and just
>want to garner more experienced views.
>
>Dave Elfering
>http://www.xroads.com/~elfering
>elfering @ worldnet . att . net
>
>
>
========================================================
Brian J. McIntosh
UniSol Inc.
53 Courtney Road Tel: 613 831 6373
Kanata, Ontario Fax: 613 831 4739
Canada, K2L 1M1 Email: bjm @ ottawa . net
========================================================