Saturday 04 October 2008

Take two

Mick Creane and Martin Smillie write in The challenges of securing complex global networks in a converged world: "Firewalls on the perimeter of the network (in best practice a dual-skin firewall solution with the firewalls sourced from different suppliers, so that both firewalls cannot be exploited in the same way)."
It is usually rule sets that are exploited and not firewalls, so I do not understand the logic of this recommendation. It is not cost-effective and does not improve security in any proportional fashion. However, the rest of the recommendations are substantiating:
  • "Intrusion detection systems (IDS) and Intrusion prevention systems (IPS) at strategic places in the network.
  • Monitoring, event correlation and threat response across an optimal range of security and non-security devices backed by skilled security analysts.
  • No “dial in” access to corporate network – remote access or wireless/mobile access is via strong authentication over VPN connection.
  • Anti-virus protection and proxy caching.
  • Network-based prevention against distributed denial of service (DDoS) attacks.
  • Vulnerability scanning and assessment tools
  • Machine log storage for compliance and investigation purposes.
  • Rigorous audit and test procedures."
The list above is similar to what I posted in the DMZ checklist.
