On Wed, 27 Mar 2002, Saso Virag wrote:

> In message <[EMAIL PROTECTED]>, 
> "Fredy Santana" writes:
> [After the influx of unsubscribe messages, I really feel out of
> place posting about something that might be relevant.]

Shame on you! ;)

> You can either pay for someone else to do the audit for you, or you
> can do it yourself. With the second option, you will actually learn
> stuff and see things you haven't seen before.

You can also learn stuff with the first option- especially if the person 
doing the audit _really_ knows their stuff.  People who've worked with a 
product for a while tend to know tips and tricks that aren't in the docs.  
If you already know a lot about the platform and package, then doing it 
yourself is more useful.  If you require some validation, having it done 
is better.  Both is probably the best overall option for those who need 
assurance.

> I have done this a couple of times in my previous life and the best
> way to tackle this problem _is_ actually low-tech. Grab yourself a
> couple of sheets of paper (A3 or bigger, if possible), and color pencils.
> 
> Now, draw your firewall, the network layout and then draw your *gasp*
> 79 rules onto the same network layout. Liberally use different colors,
> try color coding according to the direction of the traffic, importance
> of the traffic ... 

I used to keep a big box of dollar store crayons for diagramming.  I don't 
think they ever made it to the boss' refrigerator, but he kept the 
diagrams in his desk because he could answer questions about which 
protocols were allowed fairly easily without bugging me.  Copies were a 
pain in the butt to make though ;)  (This was before color copiers were 
around.)

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
[EMAIL PROTECTED]      which may have no basis whatsoever in fact."

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
