In our first blog on ideal network security perimeter design, we looked at how to harden and configure your network, and at understanding what outsiders can see. In part 2 we'll examine the numerous layers in a sound network security perimeter design and how to enable access for authorized personnel.
Keeping Guard
No matter how hard you try to stop an adversary, one is going to slip past your well-planned network. Within the perimeter there are tools that can help us proactively block these threats if they’re found (this doesn’t mean they’ll catch all of them, but that’s why we have layers). Let’s take a look at these tools and where they are layered in:
- A popular tool that’s making its way into the perimeter is cloud-based malware detection. These tools scan data as it passes through the firewall or routers and filter out suspicious traffic entering your network. Unlike appliance-based solutions, this sits outside your architecture, so traffic is analyzed before it hits your network.
- The traditional first line of defense against attacks is the firewall, which is configured to allow/deny traffic by source/destination IP, port or protocol. It’s very binary: either traffic is allowed or it’s blocked based on these variables.
- If an attack is leveraging one of these allowed firewall rules, then you had better have the next layer on the perimeter: a well-tuned and monitored IPS. Having the IPS well-tuned and watched by the security team is a way to catch those sneaky intruders that have slipped past the first castle wall and are now within the perimeter.
- In some organizations these layers are merging with the advent of the next-generation firewall (NGFW), which gives you the ability to integrate layer 2 and layer 3 technologies if needed and to inspect more traffic at the application layer.
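To make the firewall and IPS layers above concrete, here is an added example (not code from the original post or from AlgoSec) that models the two decisions in miniature: a first-match rule base that only ever sees the 5-tuple, followed by a payload check on whatever the firewall allowed. The rule base, the addresses (RFC 5737 documentation ranges), the flows and the "signature" are all constructed for illustration; the signature is a placeholder marker, not a real vendor signature.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional


@dataclass
class Flow:
    """Hypothetical flow record: the 5-tuple the firewall sees plus the payload the IPS inspects."""
    src: str
    dst: str
    proto: str        # "tcp" or "udp"
    dport: int
    payload: bytes = b""


@dataclass
class Rule:
    """One firewall rule: action taken when the 5-tuple fields match."""
    action: str            # "allow" or "deny"
    src: str               # CIDR
    dst: str               # CIDR
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # None means any destination port

    def matches(self, f: Flow) -> bool:
        return (ip_address(f.src) in ip_network(self.src)
                and ip_address(f.dst) in ip_network(self.dst)
                and self.proto in ("any", f.proto)
                and self.dport in (None, f.dport))


# Constructed rule base: first match wins, and an explicit catch-all deny closes it.
RULES: List[Rule] = [
    Rule("allow", "0.0.0.0/0", "203.0.113.10/32", "tcp", 443),       # public HTTPS
    Rule("allow", "0.0.0.0/0", "203.0.113.10/32", "tcp", 80),        # public HTTP
    Rule("allow", "198.51.100.0/24", "203.0.113.0/24", "tcp", 22),   # admin SSH from one range only
    Rule("deny", "0.0.0.0/0", "0.0.0.0/0", "any", None),
]


def firewall_verdict(f: Flow, rules: List[Rule] = RULES) -> str:
    """Binary allow/deny by source, destination, protocol and port; the payload is never examined."""
    for r in rules:
        if r.matches(f):
            return r.action
    return "deny"  # implicit default deny if no rule matches at all


# Constructed IPS signature set (placeholder content, not real signatures).
SIGNATURES: Dict[str, bytes] = {
    "SIG-CONSTRUCTED-001": b"EXAMPLE-MALICIOUS-MARKER",
}


def ips_alerts(f: Flow, sigs: Dict[str, bytes] = SIGNATURES) -> List[str]:
    """Return the names of every signature whose pattern appears in the payload."""
    return [name for name, pattern in sigs.items() if pattern in f.payload]


def perimeter_decision(f: Flow) -> dict:
    """Layered decision: the IPS only gets to inspect what the firewall let through."""
    verdict = firewall_verdict(f)
    alerts = ips_alerts(f) if verdict == "allow" else []
    if verdict != "allow":
        final = "blocked_by_firewall"
    elif alerts:
        final = "blocked_by_ips"
    else:
        final = "allow"
    return {"firewall": verdict, "ips_alerts": alerts, "final": final}


# Constructed sample flows: benign HTTPS, an SSH attempt from outside the admin range,
# and an HTTP request that the firewall must allow but that carries the marker.
SAMPLE_FLOWS = [
    Flow("192.0.2.5", "203.0.113.10", "tcp", 443, b"GET / HTTP/1.1\r\n"),
    Flow("192.0.2.5", "203.0.113.10", "tcp", 22, b"SSH-2.0-client"),
    Flow("192.0.2.5", "203.0.113.10", "tcp", 80, b"GET /?q=EXAMPLE-MALICIOUS-MARKER HTTP/1.1\r\n"),
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow.src, "->", f"{flow.dst}:{flow.dport}", perimeter_decision(flow))
```

The third flow is the case the post warns about: port 80 to the web server matches an allow rule, so the firewall has done its job and passed it, and only the IPS layer, looking at content rather than addresses, produces an alert. The second flow shows the opposite, where a tight rule base stops a connection before any inspection is needed.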
Together these systems will help limit the risk and likelihood of an attacker walking through the front gate, but we can’t let our guard down just because we have them. Having these tools in place is one thing; having the staff and policy to manage them is another. An important component of a truly secure architecture is having the right staff with the right expertise in place to manage it, from the personnel who configure the systems to those who monitor the systems’ output for security-related events. It’s a test of your architecture and team to tune everything if and when something gets through.
Check out the rest of the article at: http://blog.algosec.com/2013/08/the-ideal-network-security-perimeter-design-part-2-of-3.html