Natalie Timms


Upcoming Events

Where the Cloud Touches Down: Simplifying Data Center Infrastructure Management

Thursday, July 25, 2013
10:00 AM PT/1:00 PM ET

In most data centers, DCIM rests on a shaky foundation of manual record keeping and scattered documentation. OpManager replaces data center documentation with a single repository for data, QRCodes for asset tracking, accurate 3D mapping of asset locations, and a configuration management database (CMDB). In this webcast, sponsored by ManageEngine, you will see how a real-world datacenter mapping stored in racktables gets imported into OpManager, which then provides a 3D visualization of where assets actually are. You'll also see how the QR Code generator helps you make the link between real assets and the monitoring world, and how the layered CMDB provides a single point of view for all your configuration data.

Register Now!

A Network Computing Webinar:
SDN First Steps

Thursday, August 8, 2013
11:00 AM PT / 2:00 PM ET

This webinar will help attendees understand the overall concept of SDN and its benefits, describe the different conceptual approaches to SDN, and examine the various technologies, both proprietary and open source, that are emerging. It will also help users decide whether SDN makes sense in their environment, and outline the first steps IT can take for testing SDN technologies.

Register Now!

More Events »

Subscribe to Newsletter

  • Keep up with all of the latest news and analysis on the fast-moving IT industry with Network Computing newsletters.
Sign Up

See more from this blogger

Building An Information Security Policy Part 2: Hardware and Software

In my previous blog, I outlined how understanding the roles of network devices is important for building an effective security policy. In this post, I will cover considerations when selecting hardware and software for network devices.

After an organization has identified device roles and features, the next step to building a secure network is selecting the right hardware and software. Effective configuration and deployment of network elements is dictated by required functions and permitted traffic flows, which in turn drive the choice of hardware and software. Device capabilities should not define the security policy, although they may enhance it. Choosing products that don’t meet security policy needs is a sure way to limit its effectiveness.

More Insights

Webcasts

More >>

White Papers

More >>

Reports

More >>

Knowing what you need is critical. However, one major influence on security policy is business return on investment. When possible, consider migration strategies that make use of existing infrastructure to support newer features and a more secure design. Always consider relocation of hardware to different areas of the network, or simply upgrading a device by adding additional memory to accommodate new software versions.

When selecting new hardware, plan for future growth in terms of device capacity (bandwidth), performance (processor, memory), load balancing/redundancy capabilities, and flexibility (static form factor vs. expansion slots for additional modules).

Set realistic performance goals to ensure stability and predictability and choose the best way to implement them. For example, features such as crypto are implemented in special hardware. It may be acceptable to use software-based encryption for device management, but this won’t be scalable for VPN gateways.

A good design should facilitate change management and to maintain simplicity, devices selected should have some uniformity in the way they are managed and configured. This is an issue to consider -- along with potential interoperability issues -- when deciding on single-vendor vs. multiple-vendor solutions.

[Read why information security professionals should take the time to teach their friends and neighbors about security best practices in "Be The Security Good Samaritan."]

Hardware configurations also will be influenced by software in terms of features supported, as well as processor and memory requirements. When selecting software, in addition to providing the required functionality, consider the following:

• Standards-based versus vendor proprietary features

• If certified products are required, is the vendor involved with certification efforts and committed to keeping certifications up to date?

• Does the software provide for system hardening and performance optimization (e.g. control-plane policing and system tuning parameters) and system/feature failover options?

• Understand performance trade-offs when enabling several features applied to the same traffic flows. Multiple devices may be required to provide all feature requirements.

• Is the vendor committed to secure coding practices and responsive to addressing vulnerabilities?

Once software has been selected, procedures for the monitoring of deferrals (cases in which software can be deferred if it has specific defects identified by the vendor) and Product Security Incident Response Teams (PSIRTs) must be in place. Instability and security vulnerabilities in software will reflect badly on security policy if there are no upgrade and mitigation strategies in place.

When hardware and software selection maps to security policy objectives, the next step is to start configuration and deployment. In my next post, I will discuss how to deploy a secure network using physical and logical segmentation techniques, reinforcing the concept that security should be integrated at all layers of a network design.


Related Reading


Network Computing encourages readers to engage in spirited, healthy debate, including taking us to task. However, Network Computing moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Network Computing further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | Please read our commenting policy.
 
Vendor Comparisons
Network Computing’s Vendor Comparisons provide extensive details on products and services, including downloadable feature matrices. Our categories include:

Research and Reports

Network Computing: April 2013



TechWeb Careers