--0QFb0wBpEddLcDHQ Content-Type: text/plain; charset=us-ascii 2000-02-05-02:40:11 Omar T. Fahnbulleh: > You can write your own Security assessment if you use RFC2196. You can write your own security assessment if you know what you're doing. RFC2196 may help you learn what you're doing; it's not a bad doc. There are lots of other good resources I'd recommend; first and foremost is always Bellovin and Cheswick's Firewalls and Internet Security, it makes all the basic concepts clear. But no matter how expert you are, there are things you don't know. And unless you way, _WAY_ more expert than the auditor (only a problem if you get a computer security audit from a financial auditing firm, and don't squeeze 'em by the goolies until they cough up a real security analyst) just getting an independant second look at your security policy and implementation can be a big help. -Bennett --0QFb0wBpEddLcDHQ Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.0 (GNU/Linux) Comment: For info see http://www.gnupg.org iD4DBQE4nD9AL6KAps40sTYRAUc3AJUUb92OHef+kmGbRRbcBVlrREXsAJ0akpF/ 9CHiBKmAN3Nsi5Q8CermDA== =KODO -----END PGP SIGNATURE----- --0QFb0wBpEddLcDHQ--
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:00:46 PDT