Re: CRIME Checkpoint versus Sonicwall

From: Crispin Cowan (crispin@private)
Date: Fri Aug 30 2002 - 20:34:50 PDT


    Andrew Plato wrote:
    
    >>Nicholas Murphy wrote:
    >>
    >>>Since my company has a very small IT budget (or no budget) 
    >>>because the powers that be do not want to spend money on technology.  
    >>>Are most of you saying that this small company should just go without any 
    >>>IDS or firewall because they do not have the money for it?
    >>>      
    >>>
    >I would say that you need to prioritize your needs and I would agree with Crispin (mark this moment, it happens infrequently) that a firewall is probably priority one. 
    >
    :-)
    
    >Were I to "prioritize" your company's computer security issues, it might look something like this.
    >
    >1. Firewalls and perimeter defense (including VPN/remote access)
    >2. Centralized user accounts and access control lists
    >3. System hardening (including virus scanning)
    >4. Risk assessment & analysis
    >5. Company/organizational security policies
    >6. Intrusion detection and monitoring
    >7. Vulnerability assessment
    >8. System integrity
    >9. Two-factor logon
    >10. Process-level security
    >11. PKI
    >
    >Now we could haggle over the order of such a list and I am sure others may add or delete items, but
    >
    Remarkably, I almost completely agree with Andrew's priority list. 
    Here's mine, for perspective.
    
       1. Firewalls and perimeter defense (including VPN/remote access)
       2. Centralized user accounts and access control lists
       3. System hardening (including virus scanning)
       4. Risk assessment & analysis
       5. Company/organizational security policies
       6. Vulnerability assessment
       7. System integrity
       8. Two-factor logon
       9. Process-level security
      10. PKI
      11. Intrusion detection and monitoring
    
    No need to haggle over the order, I accept Andrew's order as valid.
    
    Note: this list assumes nearly zero Internet service presence, i.e. the 
    office is just some folks with web browsers and mail clients. If there 
    is public web service, then it changes.
    
    I also assume that "system integrity" means Tripwire or such like; an 
    IDS that is much more useful for forensic purposes than a NIDS.
    
    
    Crispin
    
    -- 
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX                      http://wirex.com/~crispin/
    Security Hardened Linux Distribution:       http://immunix.org
    Available for purchase: http://wirex.com/Products/Immunix/purchase.html
    


