Re: [FW-1] How many rules should a firewall have?

Thu, 06 May 2004 14:57:40 -0700

You probably can't just tell the auditors it's a stupid question...

A reasonable answer is "Enough to implement our security policy, but no
more than is necessary (for that)."

You do have a written security policy, don't you?

HTH.
--
David Strom

Albert Higgins wrote:

Hi,

Our auditors are in the midst of things, and they want to know how many
rules a firewall should have.

I told them that ‘it depends’.    I said that there is no specific number
and a good firewall can have 500 rules, while a bad firewall can have 3
rules.

They nonetheless want a specific number and they want me to answer the
following question:

How many rules should both the perimeter and internal firewalls of a global
financial services organization have?

I need to point them to a document or URL.   Anyone have a reference  I
could use?

Thanks!!!!

_________________________________________________________________
Watch LIVE baseball games on your computer with MLB.TV, included with MSN
Premium!
http://join.msn.com/?page=features/mlb&pgmarket=en-us/go/onm00200439ave/direct/01/


=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================


=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================

Reply via email to