I would think that a good firewall may have 3 rules (permit internet and e-mail, deny everything else) while a bad firewall that needs 500 lines to permit everything could be too loose. But that's too generic to be useful. Probably the best thing to do is to develop a firewall policy. You can then reference the number of needed applications and what part of the network they need to traverse.
You may get away with telling them what is allowed through the firewall instead of the actual rules that allow this (if you document it in a policy or standard). You might be able to quote some of the papers below.

Developing a Local Firewall Security Policy
http://www.securitydocs.com/thread/1458

Building Your Firewall Rulebase
http://www.securitydocs.com/thread/403

Directory of firewall papers
http://www.securitydocs.com/Firewall

--
Mitchell

>>> [EMAIL PROTECTED] 05/06/04 09:43AM >>>
How many rules should both the perimeter and internal firewalls of a global financial services organization have? I need to point them to a document or URL. Anyone have a reference I could use?
