On Wed, 23 Apr 1997, Larry Kwiat wrote:
> > Does anyone know of any vendors that provide secure
> > access products that account for poorly configured client
> > machines? What is the best way to guard against these
> > types of problems?
You might want to use the guidelines of iso-9001 in the planning phase of
your security policy. It is boring bureocratic nonsense, but there are a few
good ideas in it. And using automated scanning tools is a sensible thing
anyway. Well, and security audits from noninterested parties.
If you cite from the standard, they will surely be completely uninterested :)
GNU GPL: csak tiszta forrásból