Sources of network security templates or designs

Tomas L. Byrnes tomb at
Sat Jun 26 15:57:05 UTC 2010

While the DISA STIGs are probably the archetype, you have to start with
whatever the sponsoring or certifying authority uses, if you need to
pass some audit later.

Those almost always reference NIST docs:

For generic sources, I agree with Cymru as a good resource, but my
favorite is SANS.

> -----Original Message-----
> From: Sean Donelan [mailto:sean at]
> Sent: Wednesday, June 23, 2010 5:45 PM
> To: nanog at
> Subject: Sources of network security templates or designs
> While every network designer/architect with an emphasis on security
> his or her favorite design templates, I'm wondering what public
> do people start with?
>     Cisco SAFE and other published designs
>     IBM Redbooks
>     DOD Security Technical Implementation Guides (STIGs)
>     NIST Special Publications
>     O'Reilly series (specific books?)
> Of course, every designer customizes things based on the project and
> preferences.  So I'm not asking for what's best, or even what's wrong
> with particular sources.  Just where do you start?

More information about the NANOG mailing list