Security Management Strategies for the CIOAccess "On the Radar"
This article is part of the February 2005 issue of 12 security lessons for CISOs they don't teach you in security school
Internal firewalls that mirror perimeter devices may not be worth the trouble. Most security managers and architects would agree that defense-in-depth architectures are the right approach to enterprise security. How is this done? In part, by layering firewalls. You put a primary set of firewalls on the perimeter, and then place secondary firewalls on interior network segments. This way, you keep out the Internet bad guys while controlling traffic between internal subnets. Now comes the challenge: Should perimeter and internal firewalls have the same rule sets? Before you answer, consider this: Your organization isn't entirely "your" organization. Enterprises are divided along political/ business lines in ways that show very little respect for seamless security. Perhaps you only have say over the perimeter firewalls, but the internal firewalls are controlled by divisional network managers with their own ideas of how things should be done. Does it make sense to have a loose rule set on the perimeter firewall that allows more traffic into the network, but then ... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
Secure Reads: The Network Security Bible
A review of the Network Security Bible by Eric Cole, Ronald Krutz and James W. Conley
-
Desktop Security: Senforce Portable Firewall Plus
Senforce's Senforce Portable Firewall Plus
-
Wireless security product review: AirTight Networks' SpectraGuard 2.0
A review of AirTight Networks' SpectraGuard 2.0
-
Database Security: Ingrian i211 DataSecure Platform
Ingrian Networks' Ingrian i211 DataSecure Platform
-
In MSSPs We Trust
Regulatory and cost-cutting pressures are forcing enterprises to reexamine the value of managed security services.
-
On the Job
12 lessons they don't teach you in security school about being a CISO.
-
Secure Reads: The Network Security Bible
-
-
Recent Releases: Security product briefs, February 2005
Learn about the security products launched in February 2005.
-
IronPort C-Series Messaging Gateway: Antivirus, Antispam tool
Enhance your email security strategy with IronPort's C-Series Messaging Gateway. In this product review you will get information on cost, installation, reporting, configuration, and antivirus and antispam technology.
-
Hot Pick: Funk Software's Odyssey Client 3.03 and Odyssey Server 2.01
Funk Software's Odyssey Client 3.03 and Odyssey Server 2.01
-
SSHv2: Safe & Secure
The overhauled encryption protocol helps harden networks.
-
Security: Measuring Up
by Pete Lindstrom, Contributor
Metrics are the key to measuring security. Learn how to gather data and calculate the answers you need.
-
Recent Releases: Security product briefs, February 2005
-
Columns
-
Logoff: The battle against spyware
Spywary
-
On the Radar
Firewall Redundancy?
-
Perspectives: Symantec, Veritas pairing to change security
Symantec's merger with Veritas will change security managers' lives.
-
Editor's Desk: Nessus charges for signature updates
No Free Lunches
-
Logoff: The battle against spyware
More Premium Content Accessible For Free
Next-generation firewalls play by new rules
E-Zine
Firewalls started their journey to the next generation at about the same time as the Star Trek TV series. While the products have advanced with ...
Developing your endpoint security management transition plan
E-Handbook
This TechGuide will help you develop your endpoint security management transition plan. Articles focus on overcoming the challenges of Web-based ...
Unlock new pathways to network security architecture
E-Zine
Network security architecture is showing its age at many organizations. With new technology, different data types, and use of multi-generations of ...