SANS (www.sans.org) usually has some good resources.  Here is the direct
link to their sample security policies:

http://www.sans.org/newlook/resources/policies/policies.htm

Jim


""Tom"" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I've heard many things about a "security policy" and I understand what I
> would specify on one, but could someone point me in a direction to check out
> a "sample" security policy.  At least I could look at what questions should
> be answered by my policy.  Just looking for some general guidelines.  Even a
> reference to a book or website would be welcome.
>
> Thanks,
>
>
>
>
> Tom McNamara, MCSE, CCNA
> McNamara Professional Services
> (407)822-5199 Phone
>
>
> --------------------------------------------
> A bus station is where a bus stops.
> A train station is where a train stops.
> On my desk, I have a work station...
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Jim Deane
> Sent: Thursday, February 01, 2001 1:28 PM
> To: [EMAIL PROTECTED]
> Subject: Re: What should I block???
>
>
> Well, that depends.
>
> My first recommendation would be to review your company security policy
> which was signed off on by executive management.  That policy should list
> what types of traffic, ports, etc. your company has deemed necessary and
> will allow into their environment.  It should also dictate what types of
> traffic will be allowed *out* of your network.
>
> My first recommendation isn't probably terribly useful since I have found
> that most companies don't have a well defined security policy blessed by the
> CEO.  This is, IMHO, a recipe for disaster.  I would strongly recommend
> either having them come up with a security policy (which will then dictate
> what your ACL and FW rulebase look like), or you come up with one, but have
> them "bless" it.
>
> You should definitely set up access lists to protect the router itself (i.e.
> deny telnet, SNMP, etc.)  Some people also "mirror" the security policy
> (i.e. rule base) on their firewall on the border router.  This lets the
> router receive the brunt of most port scans, etc.  I would also recommend
> blocking the receipt of any packet with a source address of any of the RFC
> 1918 addresses, any packet with a source address with a first octet of 255,
> etc.  You can either block the RFC 1918 addresses with an ACL, or route them
> to Null0.  I've seen both approaches used.
>
> Pick long, complex passwords for your border router and use "service
> password encryption" to encrypt them.
>
> Check your logs regularly.
>
> Be a good internet neighbor and set up outbound ACLs that only allow traffic
> that originated on your network out.  This cuts down on spoofing.
>
> If your management won't sign off on whatever security policy you come up
> with, make sure you figure out in advance who is responsible/culpable when
> you get hacked.
>
> If you are new to Checkpoint Firewalls and Information Security, subscribe
> to the FW-1 mailing list on the Checkpoint web site.  There are some great,
> knowledgeable guys and gals on that list.  It is focused mainly on FW-1, but
> they also cover many general security concepts from time to time.  Also,
> check out www.phoneboy.com/fw1 for FW-1 related "stuff."
>
> Marcus Ranum runs a good, vendor agnostic firewall mailing list at
> http://www.nfr.com/mailman/listinfo/firewall-wizards
>
>
> HTH,
> Jim
>
>
> <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> > Hi Group,
> >     I know that this is going to be very broad but just bear with me on
> > this one. We are switching over our firewall router from a bay to a cisco.
> > The cisco one that I am going to work on is already pre-configured except
> > for access-lists and filters. What they basically told me is that the
> > checkpoint device behind it will take care of all of the intense blocking
> > and forwarding, but on this FW-router we just want to block the basic things
> > that are usually not allowed through.
> >     Here's what I was hoping for. Just a basic list of things that are
> > normally blocked on the router above the FW. For example, I know that I'm
> > gonna set an inbound access-list denying telnet so that the checkpoint
> > doesn't even have to worry about that. I am just looking for a list of
> > services/ports/etc., that as a rule of thumb to you FW gurus, are usually
> > denied. I know this is broad and I'll understand if I don't get much
> > feedback. Gotta also find that whitepaper on FW's. Considering this will be
> > my first time coming anywhere near a FW (FW Virgin) I'm a little nervous and
> > hope you guys can help out. Thanks all,   =o)
> >
> > Mark Z...
> >
> > _________________________________
> > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
>
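
An added example, not part of the original thread or any poster's own code: a small Python audit that checks whether an inbound border-router ACL, written in Cisco IOS extended access-list syntax, drops the source ranges named in the quoted advice (RFC 1918 space and first octet 255) before any permit can match. The ACL number 101 and both sample ACLs are constructed, and the check is conservative: a range counts as dropped only when a single "deny ip ... any" line covers it.

```python
import ipaddress

# Sources the post says to drop inbound at the border router:
# RFC 1918 space and anything whose first octet is 255.
MUST_DROP = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "255.0.0.0/8")]

def parse_rule(line):
    """Parse 'access-list N permit|deny PROTO SRC ...' -> (action, proto, src, rest)."""
    t = line.split()
    if len(t) < 5 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
        return None
    action, proto, spec = t[2], t[3], t[4:]
    if spec[0] == "any":
        return action, proto, ipaddress.ip_network("0.0.0.0/0"), spec[1:]
    if spec[0] == "host":
        return action, proto, ipaddress.ip_network(spec[1] + "/32"), spec[2:]
    w = int(ipaddress.IPv4Address(spec[1]))       # IOS wildcard (inverse) mask
    if w & (w + 1):
        raise ValueError("non-contiguous wildcard: " + spec[1])
    net = ipaddress.ip_network(f"{spec[0]}/{32 - w.bit_length()}", strict=False)
    return action, proto, net, spec[2:]

def undropped_sources(acl_text):
    """Return the MUST_DROP ranges that this inbound ACL can still let through."""
    rules = [r for r in map(parse_rule, acl_text.splitlines()) if r]
    leaks = []
    for need in MUST_DROP:
        for action, proto, src, rest in rules:    # IOS ACLs are first-match
            if not src.overlaps(need):
                continue
            if action == "permit":
                leaks.append(str(need))
                break
            if proto == "ip" and need.subnet_of(src) and rest[:1] == ["any"]:
                break                             # fully dropped before any permit
        # no permit matched: the implicit deny at the end of the ACL drops it
    return leaks

# Constructed sample ACLs (ACL number is arbitrary).
COMPLETE = """\
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 255.0.0.0 0.255.255.255 any
access-list 101 permit ip any any
"""
# Wrong wildcard on 172.16/12 and the first-octet-255 line is absent.
INCOMPLETE = COMPLETE.replace("0.15.255.255", "0.0.255.255").replace(
    "access-list 101 deny ip 255.0.0.0 0.255.255.255 any\n", "")
```

Calling undropped_sources(INCOMPLETE) reports 172.16.0.0/12 and 255.0.0.0/8, because the /16 wildcard covers only part of the RFC 1918 block and the final permit then matches the rest.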

