Home > Ask the Security Experts > Network Security Questions & Answers > Should the government reduce its external Internet connections?
Ask The Security Expert: Questions & Answers
EMAIL THIS

Should the government reduce its external Internet connections?

Mike Chapple, featured expert EXPERT RESPONSE FROM: Mike Chapple, featured expert

Pose a Question
Other Security Categories
Meet all Security Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 02 December 2008
Is the federal government's plan to reduce its number of external Internet connections from 8,000 to fewer than 100 a feasible one? What security risks are increased with such a move?

>
Last summer, the federal government announced a plan to gradually reduce its number of Internet connections to less than 100 in an attempt to reduce their susceptibility to attack. Yes, it certainly is a feasible move, and it's a lesson that every enterprise should take to heart.

The fewer external points of access there are on a network, the easier it is to secure the network against external attack. Each connection, which should require a properly configured firewall, introduces one more door that a malicious hacker could break down, so to speak.

As far as security risks, I can only think of one: the introduction of more consolidated single points of failure. That is, if one connection fails, a larger portion of the government will be affected by the outage. However, this availability concern is easily overshadowed by the security improvements gained by reducing the complexity of the network.

Still, through the judicious use of connection sharing and VPN links between sites, it's possible -- and recommended -- for enterprises to consolidate external network connections to a manageable number.

More information:

  • See why some House legislators have ripped the cyberinitiative plan.


    • BROWSE BY TAG
    Network Security,   NAC and Endpoint Security Management,   Network Access Control Basics,   Enterprise Network Security,   Network Intrusion Detection and Analysis,   Monitoring Network Traffic and Network Forensics,   VIEW ALL TAGS

    Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



    RELATED CONTENT
    Network Security
    How to set up a split-tunnel VPN in Windows Vista
    What is the difference between static and dynamic network validation?
    Port scan attack prevention best practices
    Securing the intranet with remote access VPN security
    How to prevent network sniffing and eavesdropping
    How to implement virtual firewalls in a complex network infrastructure
    How to manage network bandwidth with distributed ISP bandwidth
    How to edit group policy objects to give a user local admin rights
    How to prevent operating system cloning with AES 256-bit encryption
    How to securely connect a LAN POS to a remote point-of-sale device

    Network Access Control Basics
    Security vendors can learn from ConSentry Networks demise
    Best Network Access Control Products
    Perimeter defense in the era of the perimeterless network
    Network access control technology: Over-hyped or underused?
    Symantec offers endpoint protection management, monitoring services
    Configuring access control lists
    What is the difference between a VPN and remote control?
    Quiz: Endpoint security on a budget
    Opinion: Gartner gets NAC wrong, again
    What security software should be installed on Internet café computers?

    Monitoring Network Traffic and Network Forensics
    Preventing SQL injection attacks: A network admin's perspective
    Breach prevention: How to keep track of data and applications
    Researchers find thousands of flawed embedded devices
    Network traffic collection, analysis helps prevent data breaches
    Lifecycle of a network security vulnerability
    Port scan attack prevention best practices
    How to prevent network sniffing and eavesdropping
    DoD urges less network anonymity, more PKI use
    Chained Exploits: How to prevent phishing attacks from corporate spies
    PCI compliance requirement 10: Auditing

    RELATED GLOSSARY TERMS
    Terms from Whatis.com − the technology online dictionary
    Kerberos  (SearchSecurity.com)
    masquerade  (SearchSecurity.com)
    phreak  (SearchSecurity.com)

    RELATED RESOURCES
    2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
    Search Bitpipe.com for the latest white papers and business webcasts
    Whatis.com, the online computer dictionary



    Search and Browse the Expert Answer Center
    Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
    Browse our Expert Advice



    Find Security Solutions for Your Business
    TechTarget Security Media
    Information Security View this month\\'s issue and subscribe today.
    Information Security Decisions Apply online for free conference admission.
    		SearchSecurity.com
    HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
    SEARCH :     Site Index Powered by: Search Powered by Google

    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Site Map




    All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts