Joel Snyder's introduction to network perimeter defenses
1.) UTM may be a buzzword, but there are some common services that are being included in unified threat management devices. We don't have an exhaustive list, because UTM means whatever the unified threat management vendor says it does. However, you should be able to name at least six technologies that go beyond traditional firewall and VPN that are being included under the UTM rubric. In Intrusion Defense School, we'll actually cover 12 different technologies that we've seen "in the wild" in unified threat management devices. If you can name all 12 without peeking, you're in outstanding shape.
2.) When building a network perimeter defense, the question of integrated devices versus best-of-breed single-purpose solutions comes up. One argument for best-of-breed solutions is that they provide better services. For example, a standalone IPS dedicated to the task is often better than an IPS in a combined IPS/firewall/VPN/coffee maker device. There are several arguments made in favor of combined devices. You should be able to list at least two of them. In Intrusion Defense School, we'll cover the four main arguments made in favor of combined devices. By knowing these in detail, you'll be better able to understand where combined devices are right for you -- and where they are not.
3.) A common concern with any kind of network edge protection is the impact it has on the performance of the network. Obviously, the addition of services to existing hardware slows things down. You should know some rough rules of thumb for what kind of slowdown you'll see as different services are added. In Intrusion Defense School, we'll go through a case study showing how performance was affected as different services were enabled on a particular device. I'll also give you information from other performance testing, and provide some hints on how to do your own performance testing.
4.) Edge email security devices do a great job of countering certain kinds of threats (you should be able to name the two main ones, viruses and spam, right off the top of your head). There are five critical features of a successful antispam strategy when it is built into a perimeter defense. You should be able to name at least two very important features in any edge email security device. In Intrusion Defense School, we'll walk through all five features and discuss how these are relevant and what you need to know in picking your antispam strategy. You'll also learn the difference in strategy between unified threat management and dedicated devices so you can make the most informed decision on your big picture for antispam defenses.
5.) Defining the return on information security investments is a perpetual problem when making your business case. Most security managers are familiar with the FUD technique for justifying security investment. However, to succeed long-term, you need a process and procedure that grounds security in terms of business. You should be able to explain the acronyms ALE, SLE, EF and ARO (even if you can't remember how they are combined). In Intrusion Defense School, we'll walk through the traditional framework for justifying security investment and the ROI of security, including all of those acronyms. We'll also give you some tips on how to prioritize security investment so that you can achieve quantifiable (if not measurable) results for your dollars spent.
ALE = SLE = EF = ARO =