You Can't Buy Network Security


Most security vendors would like you to believe that network security is for sale. A quick flip through the latest information security (INFOSEC) trade rag yields no shortage of claims to that effect. Generally, security vendors don't sell security solutions; they sell security products. Unfortunately, many inexperienced security professionals fall victim to a "cult of cool" in which each security problem is viewed as an opportunity to try out these products, often with mixed results. In some cases, the technology provides solutions to a different problem than the organization has, and in still others it creates new problems unforeseen by the implementers.

This case of the "solution looking for a problem" started with firewalls back in the 1990s, when it was common to hear statements such as, "We're secure, we have a firewall." So far, the early part of the new millennium seems to have the same root problem but with new tools. Instead of firewalls, security is dominated by talk of intrusion detection (or its marketing-defined cousin, intrusion prevention) and event correlation tools. Following the latest trends in security only guarantees that you will spend your entire security budget each year, not that you will address any of your security issues. But enough about the wrong way to do things; for a "solution" to really work, it requires constant care and feeding, diligent sysadmins, and a well-thought-out policy.

To avoid the haphazard "cult of cool" security product deployment cycle, you must have clear and current security policies. Often, these latest toys from the security industry can help organizations implement the requirements of their security policies, but the policies must come first. It is in this way that a given technology's role can be understood within the larger framework of your network security system.




Network Security Architectures
ISBN: 158705115X
EAN: 2147483647
Year: 2006
Pages: 249
Authors: Sean Convery
