Home page logo
/

basics logo Security Basics mailing list archives

Re: Security design methodology
From: Terrence O'Connor <terrence.oconnor () gmail com>
Date: Sat, 3 Nov 2012 19:17:16 -0400

Alex,

I think the goal of a security professional is to understand those needs of the business and recommendations from the 
industry to find the right mix of interoperable systems.  There are many standards for various security needs and if 
one player in a space isn't compatible with the next they are crossed off the list.

Recommendations from vendors is biased.  Even product agnostic companies have a natural bias towards high margins.

Keeping that in mind, I am a fan of consolidated frameworks that give the biggest bang for the buck.  Even then you'll 
have a mix of providers and you need to understand capabilities and how they all work together.

Hit me up if you have specific questions .

On Nov 2, 2012, at 4:15 PM, Alex Creek <acreek83 () yahoo com> wrote:

Finding requirements first makes sense.  I can see how that would set the tone for what's needed.  Say if a company 
has a lot of users who connect externally, then a VPN would probably be the main driver.  

For compatibility between security systems, would it be best to just follow vendor recommendations?   


Alex
________________________________
From: Chris Stefan <chris.stefan1844 () gmail com>
To: Alex Creek <acreek83 () yahoo com> 
Cc: "security-basics () securityfocus com" <security-basics () securityfocus com> 
Sent: Friday, November 2, 2012 3:40 PM
Subject: Re: Security design methodology


Get the client requirements and objectives out of the way first. Then decide on hardware/software.
On Nov 2, 2012 3:26 PM, "Alex Creek" <acreek83 () yahoo com> wrote:

Lately I've been doing some research into network security.  For anyone with experience in network security 
design/build,  is there a method for what to do first when planning?  For example, should security be planned 
externally first then internally or vice versa? Which system is the most important?  Does everything need to work 
with firewall xyz or does everything need to work with a monitoring system abc?


Alex


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------



------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]