Sources of network security templates or designs
While every network designer/architect with an emphasis on security has his or her favorite design templates, I'm wondering what public sources do people start with? Cisco SAFE and other published designs IBM Redbooks DOD Security Technical Implementation Guides (STIGs) NIST Special Publications O'Reilly series (specific books?) Of course, every designer customizes things based on the project and preferences. So I'm not asking for what's best, or even what's wrong with particular sources. Just where do you start?
You start with all of them once you have a good understanding of the underlying protocols. There is no cheat-sheet. -----Original Message----- From: Sean Donelan [mailto:sean@donelan.com] Sent: Thursday, June 24, 2010 2:45 AM To: nanog@nanog.org Subject: Sources of network security templates or designs While every network designer/architect with an emphasis on security has his or her favorite design templates, I'm wondering what public sources do people start with? Cisco SAFE and other published designs IBM Redbooks DOD Security Technical Implementation Guides (STIGs) NIST Special Publications O'Reilly series (specific books?) Of course, every designer customizes things based on the project and preferences. So I'm not asking for what's best, or even what's wrong with particular sources. Just where do you start?
http://www.team-cymru.org/ReadingRoom/Templates/ Sean Donelan wrote on 24/06/10 02:45:
While every network designer/architect with an emphasis on security has his or her favorite design templates, I'm wondering what public sources do people start with?
Cisco SAFE and other published designs IBM Redbooks DOD Security Technical Implementation Guides (STIGs) NIST Special Publications O'Reilly series (specific books?)
Of course, every designer customizes things based on the project and preferences. So I'm not asking for what's best, or even what's wrong with particular sources. Just where do you start?
-----Original Message----- From: Sean Donelan [mailto:sean@donelan.com] Sent: Wednesday, June 23, 2010 5:45 PM To: nanog@nanog.org Subject: Sources of network security templates or designs
While every network designer/architect with an emphasis on security has his or her favorite design templates, I'm wondering what public
While the DISA STIGs are probably the archetype, you have to start with whatever the sponsoring or certifying authority uses, if you need to pass some audit later. Those almost always reference NIST docs: http://www.nist.gov/itl/publications.cfm?defaultSearch=false&authorlist= &keywords=&topics=309&seriesName=&journalName=&datepicker1=&datepicker2= # For generic sources, I agree with Cymru as a good resource, but my favorite is SANS. http://www.sans.org/reading_room/ sources
do people start with?
Cisco SAFE and other published designs IBM Redbooks DOD Security Technical Implementation Guides (STIGs) NIST Special Publications O'Reilly series (specific books?)
Of course, every designer customizes things based on the project and preferences. So I'm not asking for what's best, or even what's wrong with particular sources. Just where do you start?
On Sat, 26 Jun 2010, Tomas L. Byrnes wrote:
While the DISA STIGs are probably the archetype, you have to start with whatever the sponsoring or certifying authority uses, if you need to pass some audit later.
True, but even sponsoring and certifying authorities need to get information from somewhere. So where should they get it from? For example, amex/mastercard/visa/others created PCI security standards; and if all you want to do is achieve compliance with those security standards that's where you would stop. But where should the people creating the PCI security standards look beyond their own world to find better ideas to improve the next version? Replace "PCI" with whatever your favorite group is... CAG, SOX, FDCC, etc.
Those almost always reference NIST docs: http://www.nist.gov/itl/publications.cfm?defaultSearch=false&authorlist= &keywords=&topics=309&seriesName=&journalName=&datepicker1=&datepicker2= #
NIST documents are updated on a regular basis. If part of your job was helping to update NIST documents, are there other resources to consider when updating those documents? Are there things in NIST documents you think could be improved?
For generic sources, I agree with Cymru as a good resource, but my favorite is SANS.
participants (4)
-
Chris Gravell -
jul -
Sean Donelan -
Tomas L. Byrnes