diff options
| author | Tom Rhodes <trhodes@FreeBSD.org> | 2006-04-27 07:31:52 +0000 |
|---|---|---|
| committer | Tom Rhodes <trhodes@FreeBSD.org> | 2006-04-27 07:31:52 +0000 |
| commit | 45f15433afa56e300d7f3bbaa17e334354a8d96e (patch) | |
| tree | 2db8d6dfdcbb290074a3b4fb60382b8a2c25aa18 /en_US.ISO8859-1/books/handbook/mac | |
| parent | 5e3eff0328b6b99c9516d67b78a267ab9a7920f4 (diff) | |
| download | doc-45f15433afa56e300d7f3bbaa17e334354a8d96e.tar.gz doc-45f15433afa56e300d7f3bbaa17e334354a8d96e.zip | |
Instead of paragraphs, use one of the various list tags.
Submitted by: keramida
Notes
Notes:
svn path=/head/; revision=27641
Diffstat (limited to 'en_US.ISO8859-1/books/handbook/mac')
| -rw-r--r-- | en_US.ISO8859-1/books/handbook/mac/chapter.sgml | 41 |
1 files changed, 30 insertions, 11 deletions
diff --git a/en_US.ISO8859-1/books/handbook/mac/chapter.sgml b/en_US.ISO8859-1/books/handbook/mac/chapter.sgml index 97fe1fc223..c2ca29bdc9 100644 --- a/en_US.ISO8859-1/books/handbook/mac/chapter.sgml +++ b/en_US.ISO8859-1/books/handbook/mac/chapter.sgml @@ -835,21 +835,40 @@ test: biba/high</screen> <sect1 id="mac-planning"> <title>Planning the Security Configuration</title> - <para>As with implementing any technology, there must be a planning - phase. During this time is it best an administrator looks at - their plight as a whole and defines exactly what is needed. - Examine thoroughly what requirements exist, how to accomplish - the final goal. How must information be classified or restricted, - what users should be given access and which <acronym>MAC</acronym> - module or modules will be required to achieve this goal.</para> - - <para>Although it is always possible to reconfigure and change the - system resources and security settings, it is inconvenient to + <para>Whenever a new technology is implemented, a planning phase is + always a good idea. During the planning stages, an administrator + should in general look at the <quote>big picture</quote>, trying + to keep in view at least the following:</para> + + <itemizedlist> + <listitem>The implementation requirements</listitem> + + <listitem>The implementation goals</listitem> + </itemizedlist> + + <para>For <acronym>MAC</acronym> installations, these include:</para> + + <itemizedlist> + <listitem>How to classify information and resources available on + the target systems.</listitem> + + <listitem>What sorts of information or resources to restrict + access to and the type of restrictions that should be + applied.</listitem> + + <listitem>Which <acronym>MAC</acronym> module or modules will be + required to achieve this goal.</listitem> + </itemizedlist> + + <para>It is always possible to reconfigure and change the + system resources and security settings, it is quite often very inconvenient to search through the system and fix existing files and user accounts. Planning helps to ensure a trouble-free and efficient trusted system implementation. A trial run of the trusted system, including the configuration, is often vital and definitely - beneficial before. The idea of just letting loose on a system + beneficial <emphasis>before</emphasis> a <acronym>MAC</acronym> + implementation is used on production systems. The idea of just + letting loose on a system with <acronym>MAC</acronym> is like setting up for failure.</para> <para>Different environments may have explicit needs and |