Re: Thinking about Security rules...

From: f.harster (f.harster@evc.net)
Date: Thu May 09 2002 - 04:34:00 EDT


Rhino Bond wrote:

>Folks,
>
>Since many of us are intensely committed to learning,
>research and knowledge I felt it appropriate to post
>this here. At my current contract we are trying to
>come up with a set of rules that is "all inclusive"
>(as much as possible). Granted a Security Policy is
>part of it, so are firewall rules, so might be the
>rules for the IDS. When I asked for further
>clarification on this topic, I was told, "you know
>something like "fuzzy-logic" that states IF "A" then
>"Z" (for example a hacker is hacking away at the
>firewall), BUT if the hacker breaks through the
>firewall, then We need to jump to IDS rules, so now
>it's IF B then Y, and if the hacker gets into the
>corporate piggy bank and steals money, then it's IF C
>then X...
>
>Any thoughts on this? Anyone seen a white paper on
>such a set of rules?
>
David,

Actually this reminds me of the "Defense-in-Depth" concept applied to
network/system security, but I may be wrong ;)
Have a look at this one in the meantime:
http://rr.sans.org/start/primer.php

cheers
Fred


