This is a very rough draft for a commercial assessment.

o An internal assessment of the security policy
  - How closely is it followed
  - How well is it understood by the rank and file
  - Are there clearly defined policies to cover future technologies
o An internal assessment of the physical security of the network
  - Are servers exposed to unauthorized personnel
  - Are all staff adequately trained in good security posture
o Suggestions for options for the Sidewinder firewall/DMZ problems
  - DMZ separate from the firewall
  - Screening router between the internet and the company, with the DMZ behind it but separate from the firewall
  - Firewall replacement options, such as Checkpoint Firewall-1 and Gauntlet
o Scaling suggestions for moving from 200 to 1000, and from 1000 to 10,000 customers
  - Various options here, including separate solutions depending on the service level needed
  - A PKI solution may be brought to bear here
  - A card or other hardware token is also useful

In all these cases, the problem of authentication must still be addressed. One of the best methods for dealing with customers whose authentication may need to be removed is to use decaying tokens. Kerberos grants tickets that are valid only for a limited time, after which the end user must reauthenticate. A system like this, in which access depends not on a prior password but on some company-granted credential that expires on its own, might be satisfactory.
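As an added illustration of the decaying-token idea (this is example code written for this note, not code from the draft or from Kerberos or any product named above): a service-held key signs a token that carries its own expiry, and withdrawing a customer means the issuer stops vouching for them at renewal time rather than hunting down what they hold. The key, customer identifiers and clock values are all constructed for the demo.

```python
import base64
import binascii
import hashlib
import hmac
import json
from typing import Optional


class TicketIssuer:
    """Mints and checks short-lived, server-signed tokens.

    The design point is the one the draft makes about Kerberos tickets: a token
    carries its own expiry, so withdrawing a customer's access does not require
    finding and deleting anything they hold. The issuer just stops vouching for
    them, and their current token decays on its own.
    """

    def __init__(self, key: bytes, active_customers: set):
        self._key = key                       # held only by the issuing service
        self._active = set(active_customers)  # customers the company still grants access to

    def _sign(self, payload: bytes) -> bytes:
        return hmac.new(self._key, payload, hashlib.sha256).digest()

    def issue(self, customer_id: str, lifetime_s: int, now: int) -> Optional[str]:
        """Return a token valid from now for lifetime_s seconds, or None if the
        issuer no longer grants this customer access."""
        if customer_id not in self._active:
            return None
        claims = {"sub": customer_id, "iat": now, "exp": now + lifetime_s}
        payload = json.dumps(claims, sort_keys=True).encode()
        return (base64.urlsafe_b64encode(payload).decode() + "." +
                base64.urlsafe_b64encode(self._sign(payload)).decode())

    def verify(self, token: Optional[str], now: int) -> Optional[dict]:
        """Return the claims if the token is authentic and unexpired, else None.
        A relying service needs only the key, not the customer list: revocation
        is enforced by expiry plus the issuer refusing renewal."""
        if token is None:
            return None
        try:
            payload_b64, tag_b64 = token.split(".")
            payload = base64.urlsafe_b64decode(payload_b64)
            tag = base64.urlsafe_b64decode(tag_b64)
        except (ValueError, binascii.Error):
            return None
        if not hmac.compare_digest(self._sign(payload), tag):
            return None
        claims = json.loads(payload)
        if now >= claims["exp"]:
            return None
        return claims

    def withdraw(self, customer_id: str) -> None:
        """Stop granting access; nothing already issued needs to be touched."""
        self._active.discard(customer_id)


def walkthrough() -> dict:
    """Run the token lifecycle against a fixed clock so the results are repeatable."""
    t0 = 1_100_000_000  # constructed clock value, arbitrary
    issuer = TicketIssuer(b"demo-issuer-key-not-for-production",  # constructed key
                          {"cust-0042", "cust-0107"})             # constructed customers
    tok = issuer.issue("cust-0042", lifetime_s=600, now=t0)
    payload_b64, tag_b64 = tok.split(".")
    # Attacker keeps the genuine tag but rewrites the claims to another customer.
    forged_claims = {"sub": "cust-0107", "iat": t0, "exp": t0 + 600}
    forged = (base64.urlsafe_b64encode(json.dumps(forged_claims, sort_keys=True).encode()).decode()
              + "." + tag_b64)
    results = {
        "fresh_ok": issuer.verify(tok, now=t0 + 10) is not None,
        "expired_rejected": issuer.verify(tok, now=t0 + 600) is None,
        "forged_rejected": issuer.verify(forged, now=t0 + 10) is None,
        "garbage_rejected": issuer.verify("not.a.token", now=t0) is None,
    }
    # Customer leaves: withdraw access. Their live token still decays at t0+600,
    # and the reauthentication that Kerberos-style systems force is refused.
    issuer.withdraw("cust-0042")
    results["still_valid_until_expiry"] = issuer.verify(tok, now=t0 + 599) is not None
    results["renewal_refused"] = issuer.issue("cust-0042", 600, now=t0 + 600) is None
    return results


if __name__ == "__main__":
    for name, ok in walkthrough().items():
        print(f"{name}: {ok}")
```

The caveat a practitioner should note is the "still_valid_until_expiry" result: a withdrawn customer keeps access until their current token decays, so the token lifetime is the upper bound on how long removal takes. Shorter lifetimes tighten that window at the cost of more frequent reauthentication, which is exactly the trade-off the Kerberos ticket lifetime embodies.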
Last modified: Sat Oct 30 22:55:22 PDT 2004