Add a large section explaining that a "planning phase" is a good idea.

svn path=/head/; revision=27598
2006-04-21 05:41:40 +00:00 · 2006-04-21 05:41:40 +00:00 · 0bda358efe · 2020-12-08 03:00:23 +00:00
commit 0bda358efe
parent 4cf1c40ada
1 changed files with 33 additions and 0 deletions
--- a/en_US.ISO8859-1/books/handbook/mac/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/mac/chapter.sgml
@ -832,6 +832,39 @@ test: biba/high</screen>
    </sect2>
  </sect1>

+  <sect1 id="mac-planning">
+    <title>Planning the Security Configuring</title>
+
+    <para>As with implementing any technology, there must be a planning
+      phase.  During this time is it best an administrator looks at
+      their plight as a whole and defines exactly what is needed.
+      Examine thoroughly what requirements exist, how to accomplish
+      the final goal.  How must information be classified or restricted,
+      what users should be given access and which <acronym>MAC</acronym>
+      module or modules will be required to achieve this goal.</para>
+
+    <para>Although it is always possible to reconfigure and change the
+      system resources and security settings, it is inconvenient to
+      search through the system and fix existing files and user
+      accounts.  Planning helps to ensure a trouble-free and efficient
+      trusted system implementation.  A trial run of the trusted system,
+      including the configuration, is often vital and definitely
+      beneficial before.  The idea of just letting loose on a system
+      with <acronym>MAC</acronym> is like setting up for failure.</para>
+
+    <para>Different environments may have explicit needs and
+      requirements.  Establishing an in depth and complete security
+      profile will decrease the need of changes once the system
+      goes live.  As such, the future sections will cover the
+      different modules available to administrators; describe their
+      use and configuration; and in some cases provide insight on
+      what situations they would be most suitable for.  For instance,
+      a web server might roll out the &man.mac.biba.4; and
+      &man.mac.bsdextended.4; policies.  In other cases, a machine
+      with very few local users, the &man.mac.partition.4; might
+      be a good choice.</para>
+  </sect1>
+
  <sect1 id="mac-modules">
    <title>Module Configuration</title>