Fred commented on Charisse's response to my original query about firewall
assurance, saying "it seems...that the term 'assurance' is being used in two
different ways here." And I agree with Fred.
Unfortunately, I can't apply a bunch of science to my comments because I have
not done any assurance studies on software systems.
It seems to me, though, that there ought to be some method of determining the
risk associated with fielding a firewall, other than just to say that there
is a risk of data from a "more sensitive network" flowing to a "less
sensitive" one.
From a system engineering point of view, if one were going to employ a
multi-step firewall, such as:

+-----------+                +------------+                +------------+
| Internet/ |                | "Less-     |                | "More-     |
| Public    |---Firewall_A---| Sensitive" |---Firewall_B---| Sensitive" |
| Network   |                | Network    |                | Network    |
+-----------+                +------------+                +------------+

I would intuit that it would be "safer" to employ a heterogeneous mix of
firewalls (Firewall_A & Firewall_B) so that weaknesses in A would not
necessarily be found in B.
In this case, an assurance value would really be something like the
cross-product of the two, except that in failure mode it would be either
unity or the value of the least-secure firewall (depending on the behavior
in failure mode).
By the way, should reporting or auditing, such as what Charisse mentioned,
materially affect a level of security assurance? I would imagine that it
would be useful for verifying assurance, but not for determining a level
of assurance, per se.
--
Kurt F. Sauer                        Another day.
Milpitas, California                 Another chance
                                     to feel healthy.
ViaCrypt PGP key available on key servers
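The composition argument in the post (a heterogeneous pair behaves like a product of the two bypass probabilities, a homogeneous pair collapses to a single box, and a failed box contributes either unity or nothing depending on its failure mode) can be written out as a small model. The following is an added example, not code from the post or from any firewall product; the weakness classes, vendor labels and probabilities are constructed, illustrative figures, not measured assurance data.

```python
from dataclasses import dataclass, replace


@dataclass
class Firewall:
    """One filtering hop in the two-step chain.

    product:    vendor/implementation; two hops with the same product are
                assumed to share every bug, so their outcomes are correlated.
    weaknesses: weakness class -> probability that an attack of that class
                gets through this hop (constructed, illustrative numbers).
    fail_open:  what the box does when it breaks: True passes everything,
                False (fail-closed) passes nothing.
    failed:     True to simulate the box being down.
    """
    name: str
    product: str
    weaknesses: dict
    fail_open: bool = False
    failed: bool = False

    def pass_probability(self, attack_class: str) -> float:
        if self.failed:
            return 1.0 if self.fail_open else 0.0
        return self.weaknesses.get(attack_class, 0.0)


def chain_pass_probability(fw_a: Firewall, fw_b: Firewall,
                           attack_class: str) -> float:
    """Probability that one attack of the given class crosses both hops."""
    pa = fw_a.pass_probability(attack_class)
    pb = fw_b.pass_probability(attack_class)
    if fw_a.failed or fw_b.failed:
        # A broken hop is a constant factor: fail-open is unity, so the
        # chain is worth exactly the surviving box; fail-closed is zero.
        return pa * pb
    if fw_a.product == fw_b.product:
        # Homogeneous pair: the exploit that beats one beats the other, so
        # the outcomes are perfectly correlated and there is no
        # cross-product benefit. Take the weaker of the two to be safe.
        return max(pa, pb)
    # Heterogeneous pair: assumed independent outcomes, the "cross-product".
    return pa * pb


def chain_assurance(fw_a: Firewall, fw_b: Firewall, attack_mix: dict) -> float:
    """1 minus the expected bypass probability over a weighted attack mix."""
    total = sum(attack_mix.values())
    expected = sum((w / total) * chain_pass_probability(fw_a, fw_b, c)
                   for c, w in attack_mix.items())
    return 1.0 - expected


def failed_copy(fw: Firewall, fail_open: bool) -> Firewall:
    """Same box, but down, with the given failure-mode behaviour."""
    return replace(fw, failed=True, fail_open=fail_open)


# Constructed sample data (hypothetical vendors, classes and figures).
FW_A = Firewall("Firewall_A", "vendor-x",
                {"fragment-overlap": 0.20, "ftp-bounce": 0.10})
FW_B = Firewall("Firewall_B", "vendor-y",
                {"fragment-overlap": 0.30, "dns-tunnel": 0.50})
FW_A2 = Firewall("Firewall_A2", "vendor-x",       # second box of A's make
                 {"fragment-overlap": 0.20, "ftp-bounce": 0.10})
ATTACK_MIX = {"fragment-overlap": 2, "ftp-bounce": 1, "dns-tunnel": 1}


if __name__ == "__main__":
    print("heterogeneous A+B :", chain_assurance(FW_A, FW_B, ATTACK_MIX))
    print("homogeneous  A+A2 :", chain_assurance(FW_A, FW_A2, ATTACK_MIX))
    print("B down, fail-open :",
          chain_assurance(FW_A, failed_copy(FW_B, True), ATTACK_MIX))
    print("B down, fail-closed:",
          chain_assurance(FW_A, failed_copy(FW_B, False), ATTACK_MIX))
```

With these figures the heterogeneous chain reaches an assurance of 0.97 while two boxes of the same make reach only 0.875, the same value the chain drops to when Firewall_B fails open (it is then worth exactly Firewall_A alone). Fail-closed gives 1.0, but only because no traffic at all flows, which is an availability failure rather than a security gain; the model also says nothing about the auditing question raised at the end of the post, since reporting changes what you can verify, not what the chain lets through.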