Answer: as many rules as necessary to make the firewall perform as prescribed by your information security policy. The document you need to point to is your own policy document.
Hope that helps & good luck... And find new auditors. They don't seem know how to audit a firewall if they are asking a question like that. -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Albert Higgins Sent: Thursday, May 06, 2004 10:14 AM To: [EMAIL PROTECTED] Subject: [FW-1] How many rules should a firewall have? Hi, Our auditors want to know how many rules a firewall should have. I told them that 'it depends'. But they want me to answer the following question: How many rules should both the perimeter and internal firewalls of a global financial services organization have? I need to point them to a document or URL. Anyone have a reference I could use? Thanks!!!! _________________________________________________________________ Mother's Day is May 9. Make it special with great ideas from the Mother's Day Guide! http://special.msn.com/network/04mothersday.armx ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
