1 |
pappy 07/10/27 21:30:02 |
2 |
|
3 |
Added: index.xml |
4 |
Log: |
5 |
adding preliminary version of project homepage |
6 |
|
7 |
Revision Changes Path |
8 |
1.1 xml/htdocs/proj/en/extreme-security/threatmodels/index.xml |
9 |
|
10 |
file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/extreme-security/threatmodels/index.xml?rev=1.1&view=markup |
11 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/extreme-security/threatmodels/index.xml?rev=1.1&content-type=text/plain |
12 |
|
13 |
Index: index.xml |
14 |
=================================================================== |
15 |
<?xml version='1.0' encoding="UTF-8"?> |
16 |
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> |
17 |
|
18 |
<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/extreme-security/threatmodels/index.xml,v 1.1 2007/10/27 21:30:01 pappy Exp $ --> |
19 |
|
20 |
<guide link="/proj/en/extreme-security/threatmodels/index.xml"> |
21 |
<title>Threat Models</title> |
22 |
<author title="Author"> |
23 |
<mail link="pappy@g.o">Alexander Gabert</mail> |
24 |
</author> |
25 |
|
26 |
<!-- |
27 |
<author title="Contributor"> |
28 |
<mail link="XXX">YYY</mail> |
29 |
</author> |
30 |
<author title="Editor"> |
31 |
<mail link="XXX">YYY</mail> |
32 |
</author> |
33 |
--> |
34 |
|
35 |
<abstract> |
36 |
|
37 |
The threat model is the starting point of a security improvement process. |
38 |
|
39 |
</abstract> |
40 |
<version>0.1</version> |
41 |
<date>2007-10-27</date> |
42 |
|
43 |
|
44 |
<chapter> |
45 |
<title> |
46 |
Introduction to threat models |
47 |
</title> |
48 |
<section> |
49 |
<body> |
50 |
<p> |
51 |
|
52 |
The threat model is the starting point of a security improvement process: |
53 |
It contains the possible attack vectors to the technology encountered in any business. |
54 |
</p> |
55 |
<p> |
56 |
In our threat model we will impersonate the role of a security principal doing in-house consulting and providing |
57 |
guidelines and a security architecture for an idealized, non-existing, example company with almost |
58 |
no constraints on time, money, receiving the full support from upper management in their decisions. |
59 |
</p> |
60 |
<note> |
61 |
|
62 |
<!-- |
63 |
|
64 |
TODO |
65 |
|
66 |
threatmodels: describe three threat models relative to company size: |
67 |
- small company (no internet infrastructure, NAT, no remote sites, 1-2 servers, 5-20 desktops) |
68 |
- medium company (one mail server in-house, DMZ, NAT, one or two remote sites, max. 5-10 servers, 20-100 desktops) |
69 |
- big company (router backbones, NAT, DMZ, VPN, internet servers (www,smtp,ssh, business2business connections), 100-1000 desktops, 10-100 servers) |
70 |
|
71 |
--> |
72 |
|
73 |
</note> |
74 |
</body> |
75 |
</section> |
76 |
</chapter> |
77 |
|
78 |
<!-- |
79 |
|
80 |
<chapter> |
81 |
<title> |
82 |
|
83 |
|
84 |
|
85 |
</title> |
86 |
<section> |
87 |
<title> |
88 |
|
89 |
|
90 |
|
91 |
</title> |
92 |
<body> |
93 |
<p> |
94 |
</p> |
95 |
|
96 |
<p> |
97 |
</p> |
98 |
|
99 |
<p> |
100 |
</p> |
101 |
|
102 |
</body> |
103 |
</section> |
104 |
</chapter> |
105 |
|
106 |
--> |
107 |
|
108 |
</guide> |
109 |
|
110 |
|
111 |
|
112 |
-- |
113 |
gentoo-commits@g.o mailing list |