- Monitoring traffic at the application layer needs much love. You can’t just turn on one of these systems and assume that you’ll be catching every bit of malicious traffic that comes past your interface. We’ll dig deeper into this later on, but each one of these systems needs to be tuned in order to work for your organization. Not all filters or signatures are going to be turned on by default, and knowing what’s behind these security devices is going to be key (AKA understand your network).
- Even with tuning in place you’ll still get false positives; fewer, but false positives nonetheless. Management and others involved need to understand that this isn’t a silver bullet and that, when properly tuned, these systems will assist with blocking malicious traffic. But the potential for false positives will always be there. What needs to be shown is the risk of a potential false positive versus the risk of a security breach.
- These devices are always going to be in-line with your network and because of this will also be a concern as a single point of failure if not configured properly. Making sure that the systems that are in place to protect your business don’t bring it down should be a priority. Having performance issues due to the signature load they’re scanning for, or not having load balancing or clustering on them, isn’t an option when they’re in such a delicate part of your network.
Tuesday, December 4, 2012
Enhancing Your Security at the Edge: Part 2 of 2
In our last article we looked at how to harden your perimeter with traditional firewalls and routers. In part 2 we will continue this examination of enhancing security at the edge, but higher up the stack via an application or layer 7 approach. Just as with traditional firewalls and routers, when it comes to the application layer we need to maximize the benefits available to us from these solutions, without adding too much complexity to our security operations.
The systems in place that can assist with monitoring/securing your systems from application layer attacks are Next Generation Firewalls (NGFW), Intrusion Prevention Systems (IPS) and Web Application Firewalls (WAF). Here are just a few more “bumps in the road” that I’ve seen when it comes to these devices: