List:       firewalls-gc
Subject:    Security & Policy Architecture
From:       Paul Ferguson <pferguso () cisco ! com>
Date:       1997-06-23 12:45:57

A couple of thoughts.

I find all of this discussion on security architecture, and the
subsequent analogies of building houses, charming. However, this
is somewhat misleading. I would suggest that the 'blueprint'
analogy is appropriate in constructing a policy, but there is a
more insidious problem which plagues organizations.

I'll use this analogy: Once the house is built, and no matter
how secure its perimeter has been designed, it becomes
an issue of explaining to the children that leaving the house
with the front door securely locked, and all of the windows
open, is self-defeating. While the house can indeed be properly
secured, it becomes an issue of using the tools (locks and alarm)
properly to thwart (and track) intruders.

So, what is needed is adult supervision and stern consequences
for not following the house rules -- a policy with teeth. Without
consequences for not abiding by policy, the best defenses and
intentions are completely useless.

- paul


--
Paul Ferguson                                           ||        ||
Consulting Engineering                                  ||        ||
Herndon, Virginia   USA                                ||||      ||||
tel: +1.703.397.5938                               ..:||||||:..:||||||:..
e-mail: pferguso@cisco.com                         c i s c o S y s t e m s
