[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Dan Harkins wrote:
> > Some (high-level) general requirements:
> > 4) Maintain or exceed security current strength
> What does this mean? What is the "current strength" against which we'll
> measure the result to make sure we satisfy the requirement?
I suggest that we try to specify some representative usage
situations, and try to estimate the required security features
One situation would be a typical corporation and a remotely
connecting employee. Some of the security requirements could be:
- Requirement for identity protection would be low
- Requirement for authentication and encryption would be high
- The remote user would not be allowed any other internet
connectivity to prevent creating holes in the corporation firewall.
A requirement for connectivity by a three letter agency would
place heavy emphasis on identity protection..
A requirement for connectivity to a firewall or a central backbone
router would place heavy emphasis on preventing DoS attacks..
Having created a representative sample, we would specify which
modes and authentication methods would be suitable for the task.
A network administrator could then look for the closest
match when configuring the security of the system.
Ari Huttunen phone: +358 9 859 900
Senior Software Engineer fax : +358 9 8599 0452
Data Fellows Corporation http://www.DataFellows.com
F-Secure products: Integrated Solutions for Enterprise Security