Proposal regarding security chapter

Max Laier max at love2party.net
Sat Nov 20 02:35:39 UTC 2004 

On Friday 19 November 2004 21:33, Tillman Hodgson wrote:
> On Fri, Nov 19, 2004 at 09:01:15PM +0100, Remko Lodder wrote:
> > Tillman Hodgson wrote:
> > >"Firewall", by itself, doesn't feel like an intuitive place to split
> > >topics to me (aside from the convenience of its size).  However, I
> > >can see a natural split between network security and host security.
> > >In that scenario, MAC would become the largest portion of the host
> > >security chapter.
> > >
> > >That still leaves security with 2 chapters, unfortunately. It only
> > >addressed the page count balance between the two chapters.
> >
> > Well, i had a tiny little discussion on EFNet on our docs channel
> > (#bsddocs) and there is another suggestion to make a section V for
> > security and place all security related stuff in there like
> > MAC,Firewalls,Secure system stuff (or whatever it should be named).
>
> I like this idea the best.
>
> Ok, granted, in one of aspects I'm a security consultant and so I'm a
> /little/ biased as to it's importance, but there's a practical benefit
> as well: Each topic gets it's own chapter. And, seriously, some of the
> Security sub-chapters suffer from too-many-sub-level-itis. This would
> alleviate a lot of that.
>
> > I do not think that it's good to place Firewall and Mac into one
> > chapter. But that's perhaps a bit of taste :)
>
> Nope, I agree with you. I was proposing to have a network and a host (or
> local, which Tom suggested for a name) chapter. Firewalling would be in
> the network chapter, MAC would be in the local chapter. This is now my
> second-best ideal, though, after the new Section V idea.

MAC is not strictly local or host, it has it's fingers in the netstack as 
well. Since MAC is a complete system to look at security I think it's good to 
keep all documentation regarding it in one chapter under the TBD Security top 
level chapter. The same is true for Firewalls. Though a firewall *is* a vital 
part of "III. System Administration" as well as "IV. Network Communication" 
the firewall itself is as system to serve on purpose: "V. Security".

I strongly support your point that security is an important topic. Hence, it 
should be really easy for new and especially advanced users to find the 
information that relates to security. Moreover, it should be easy to go to a 
specific subtopic within the security scope - such as Firewalls->PF ;) or 
MAC->Biba. It's not effective to go through several pages just to find these 
information.

-- 
/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-doc/attachments/20041120/f517b445/attachment.sig>

More information about the freebsd-doc mailing list