> Hi, > > Our auditors want to know how many rules a firewall should have.
Actually an absurdly simplistic and foolish question for them. > > I told them that 'it depends'. But they want me to answer > the following > question: Yes, it depends on the company security policy. Firewalls do not set policy, they only enforce it. > > How many rules should both the perimeter and internal > firewalls of a global > financial services organization have? It depends. Tell them to give you a detailed company security policy and you can build a rulebase to implement their policy. Then you can give them a count. That is how many you should have. ;) > > I need to point them to a document or URL. Anyone have a > reference I could > use? Try "Building Internet Firewalls" by Chapman and Zwicky, available at O'Reilly's (www.ora.com). Chapter 11 covers security polices. good luck Hal > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
