Network Computing
Special Survivor's Guide Issue
FEATURE
SECURITY

The Survivor's Guide to 2002

  December 17, 2001
  By Mike Fratto



Security is a process, not a product. And it touches every aspect of an organization. Yet security is often an afterthought. Even worse, some organizations' idea of security is the firewall sitting at the network edge or the virus scanner integrated into the mail servers. Wrong. Security is none of these things. Security is an approach to allowing authorized access to resources. Resources can be a Web page, an FTP site or access to the central computing facility. It should be obvious that with the wide variety of entry points into your network, a layered approach to network security is required.




Successful security initiatives are developed through a planning process that incorporates network-architecture and business-process reviews, application audits, user training, and systems analysis, to name a few parts of the whole. These background discoveries are aimed at understanding the network and business requirements needed to carry your organization forward. You have to involve not only IT, but all the key stakeholders, including business managers, accounting and human resources. You have to understand current and future business requirements, have an effective security program, and get buy-in from nontechnical people. Collaboration and ensuring that the security policy is understood rank No. 1 and No. 2 in importance as implementation issues, according to a survey by Gartner Group (see "Important Security-Implementation Issues," below). You have to do your homework--only then can you begin to build a security program that will enable your company to compete more effectively.

Personal Touch

Security begins and ends with people. Therefore, security products and processes need to get pushed as close to the user as possible. That means building security deeper into the network than is seen today--more firewalls between departments, security software on desktops, more user training and a greater focus on access control.

Traditional network security takes the perspective of "What are we trying to protect?" and "Whom are we trying to protect it from?" If you do your planning, you know that the answers depend on the value of the data. But those two perspectives say nothing about what kind of access, and by whom, should be permitted.

Just as there are many elements to security, there are many ways to solve those issues. Network security is about using the right tool for the right job and applying defense in depth. A firewall is great for controlling network access, but very few reach up into the application layer. Likewise, it is well known that hardening your perimeter keeps intruders out, but you're still vulnerable to inside attacks. Security controls should be applied based on what is needed to protect resources rather than on network topology.

Crossing Boundaries

Wherever two security domains meet, you should control access across the boundary. The most well-known security boundary lies at the LAN-WAN edge. Typically, firewalls are configured to block access to the LAN from the WAN, keeping external intruders out. If you are controlling access in only one direction, however, you are using only half your firewall.

Much of the damage from DDoS (distributed denial of service) attacks, for example, can be mitigated by making simple changes to your firewall. Make sure your outbound traffic is originating from known IP addresses; limit users to specific protocols, such as HTTP/HTTPS, SMTP and DNS; and perform content filtering and virus scanning on everything passing through the firewall.
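The outbound checks described above can be expressed as a small policy evaluator. This is an added example, not code from the article: the address ranges, the mail relay and resolver hosts, and the function names are assumptions, and restricting SMTP and DNS to designated hosts goes one step beyond the protocol list the article gives.

```python
import ipaddress

# Assumed values: RFC 5737 documentation prefixes stand in for real address space.
KNOWN_SOURCES = [ipaddress.ip_network("192.0.2.0/24")]
MAIL_RELAY = ipaddress.ip_address("192.0.2.25")   # hypothetical mail relay
RESOLVER = ipaddress.ip_address("192.0.2.53")     # hypothetical DNS resolver
# (protocol, destination port) -> hosts allowed to originate it; None = any known source
ALLOWED_EGRESS = {
    ("tcp", 80): None,
    ("tcp", 443): None,
    ("tcp", 25): {MAIL_RELAY},
    ("udp", 53): {RESOLVER},
}

def egress_verdict(src, proto, dport):
    """Return (action, reason) for one outbound packet at the LAN-WAN edge."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return ("drop", "unparseable source")
    # Anti-spoofing: a packet leaving the LAN must carry a source address
    # that actually belongs to the LAN.
    if not any(addr in net for net in KNOWN_SOURCES):
        return ("drop", "source not in known address space")
    # Protocol allowlist: everything not explicitly permitted is dropped.
    key = (proto.lower(), dport)
    if key not in ALLOWED_EGRESS:
        return ("drop", "protocol not permitted outbound")
    hosts = ALLOWED_EGRESS[key]
    if hosts is not None and addr not in hosts:
        return ("drop", "service restricted to designated hosts")
    return ("accept", "permitted")

# Constructed sample traffic (not taken from any real log).
SAMPLE_FLOWS = [
    ("192.0.2.40", "tcp", 443),   # workstation browsing over HTTPS
    ("203.0.113.9", "udp", 53),   # source address outside the LAN
    ("192.0.2.40", "tcp", 6667),  # protocol not on the allowlist
    ("192.0.2.40", "tcp", 25),    # workstation sending mail directly
    ("192.0.2.25", "tcp", 25),    # mail relay sending mail
]

def evaluate(flows):
    """Return the action taken for each (src, proto, dport) flow."""
    return [egress_verdict(*flow)[0] for flow in flows]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow, egress_verdict(*flow))
```

Logging the reason alongside each drop gives first-level support a way to tell a misconfigured client from a compromised one.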

Adding rules to a firewall will complicate management, so consider pushing your firewalls deeper into the network, closer to important assets. Many vendors are working on improving multiunit management applications, especially in policy and software management, centralized logging, and network integration. These are three areas vendors need to address for effective multiunit management, because as the number of firewalls increases, so does the complexity.

Multiunit management is especially important for MSSPs (managed security service providers) as well as xSPs offering managed firewall services. New players in the MSSP space, such as SonicWall, are giving incumbents like WatchGuard and Check Point Software Technologies a run for their money.

If you're looking to outsource your firewalls, your service provider's choice of firewall determines the kind of access you'll have for logging and viewing configurations. If you have no access to the logs, troubleshooting network connections passing through a firewall is difficult at best. More important, providing log access should lighten the load on the service provider by letting you, the customer, do first-level support.

