FEATURE: The Survivor's Guide to 2001: Security
December 11, 2000
By Mike Fratto
When someone says network security, what comes to your mind? Firewalls? Access control? VPNs? Encryption? All of the above? Or do you imagine running around poking your fingers in cracks in the dikes until you look like you're playing vertical Twister? With security sites and newsletters proliferating like mushrooms, 20 to 30 new exploits announced each week, and a rabid security industry vying for your dollars at every turn, it's no wonder you can't keep up. At times, neither can we.
There's no cookie-cutter solution to network security; however, while it is a complex topic, it's not rocket science--and it is controllable. You and your organization simply need to invest sufficient resources in a proactive network-security program. Attempting to defend your organization against every newly published exploit is like trying to herd cats. Therefore, rather than put up point products, such as firewalls and virus scanners, to guard against some perceived risk or respond to an intrusion, you need to build security into your IT infrastructure from the ground up.
Your security stance must be driven by business requirements, not technological needs. The first step is to analyze risk as it pertains to your business plan. You'll have to focus on your most valuable assets first and then work downward. Once you understand the risks, you can begin to implement security products and strategies effectively.
Besides controlling access inbound and outbound (you are restricting outbound traffic, right?), network security, when built to meet business needs, lets you provide services to customers over the network in a safe, secure, reliable manner. It's a process that needs to be attended to daily, but the payoff is increased customer confidence in your organization as a safe place to do business. Having a Web page defaced, a credit-card database posted to a Web site, or your weak cookie encryption exposed on Bugtraq (www.securityfocus.com) or another public mailing list does not inspire customer confidence. And while you can never be 100 percent secure, striving for that high mark ensures you'll get closer to the goal.
The building blocks for network security vary, depending on what you're trying to accomplish. Firewalls form the cornerstone of any security implementation, and for the most part, their security feature lists have flattened out over the past year or so. We expect this trend to continue, because there are limits to what the technology can do. Firewall vendors are looking to enhance products' raw performance, high availability, failover and load-balancing.
The ASP market is poised to explode in this decade, and security vendors want a piece of that pie. ASPs must provide secure, reliable, high-bandwidth, low-latency connectivity, and that means firewalls will have to pass high-volume traffic quickly. There are two ways to accomplish this: The first is to use bigger, faster hardware devices to overcome processing overhead. But this method has limitations; solutions based on monolithic hardware are tied directly to performance advances in hardware. If performance enhancements are slow to arrive, so will be your ability to scale upward. The second path is load-balancing, or distributing the connections across a firewall farm. Load-balancing requires special processing, either through dedicated load-balancing hardware or via policy and state replication among the firewalls. A load-balanced firewall farm will always offer better scalability, because more firewalls can be added as needed. It will also provide much-needed redundancy; if one firewall fails, the load will be distributed among the remaining firewalls.
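
An added example, not from the original article, of the load-balancing path: connections are spread over a firewall farm with a direction-independent flow hash, and the loss of one member is simulated to show which connections land on a new firewall and therefore depend on state replication. The farm names (fw1 to fw4), the sample addresses and the use of rendezvous hashing are assumptions made for illustration; the article names no particular algorithm.

```python
import hashlib

def flow_key(src_ip, src_port, dst_ip, dst_port, proto="tcp"):
    """Direction-independent key, so a stateful firewall sees both
    the request and the reply of the same connection."""
    a, b = sorted([(src_ip, src_port), (dst_ip, dst_port)])
    return f"{proto}|{a[0]}:{a[1]}|{b[0]}:{b[1]}"

def pick_firewall(key, live):
    """Rendezvous hashing: the live member with the highest score wins."""
    if not live:
        raise RuntimeError("no firewall available; fail closed")
    return max(live, key=lambda fw: hashlib.sha256(f"{fw}|{key}".encode()).digest())

def distribute(flows, live):
    """Map every flow to the firewall that will carry it."""
    return {flow: pick_firewall(flow_key(*flow), live) for flow in flows}

def fail_over(flows, farm, failed):
    """Return (before, after, moved) for the loss of one farm member."""
    before = distribute(flows, farm)
    after = distribute(flows, [fw for fw in farm if fw != failed])
    moved = [f for f in flows if before[f] != after[f]]
    return before, after, moved

# Constructed sample data: hypothetical farm members and documentation addresses.
FARM = ["fw1", "fw2", "fw3", "fw4"]
FLOWS = [(f"198.51.100.{i % 250 + 1}", 20000 + i, "203.0.113.10", 443)
         for i in range(400)]

if __name__ == "__main__":
    before, after, moved = fail_over(FLOWS, FARM, "fw2")
    for fw in FARM:
        print(fw, sum(1 for v in before.values() if v == fw), "->",
              sum(1 for v in after.values() if v == fw))
    print(len(moved), "connections need their state on the new firewall")
```

Only the connections that were on the failed member move; without state replication the firewall that inherits them has no entry for them, and established sessions are dropped until clients reconnect.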




