In this chapter we discussed the core principles of maintaining a security perimeter and examined the fundamentals of system and network monitoring, incident response, and change management. A reliable monitoring process is essential to knowing the state of your infrastructure and allows you to rapidly detect problems and react accordingly. We also covered considerations for centrally monitoring remote resources without exposing them to additional vulnerabilities.
Next, we examined incident response procedures to prepare you for responding to alerts generated by monitoring and intrusion detection systems. We emphasized the need to define a detailed plan for handling malicious and fault-related incidents so that you can focus on investigating and eliminating the problem when the need arises.
Recognizing that even the most carefully designed infrastructure is bound to evolve along with the organization, we described the significance of sound change-management practices. This aspect of perimeter maintenance focused on applying patches, deploying new applications, enforcing controls, and detecting infrastructure changes in a deterministic and repeatable manner.
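As an added illustration of the deterministic change detection mentioned above (this is example code written for this summary, not code from the book or from any product it discusses), the script below builds a cryptographic baseline of perimeter configuration artifacts and reports what was modified, added, or removed. The file paths and contents are constructed sample data; in practice the baseline would be taken from the real configuration store and kept where the monitored host cannot alter it, and every reported difference would be reconciled against the approved change records.

```python
"""Deterministic change detection for perimeter configuration (added example).

A baseline maps each configuration artifact to the SHA-256 of its content.
Re-hashing the live artifacts and comparing against the baseline yields the
same answer every time for the same inputs, which is what makes the check
auditable and suitable for reconciling against change-management records.
"""
import hashlib
import json

# Constructed sample: a known-good snapshot of perimeter configuration artifacts.
BASELINE_FILES = {
    "/etc/firewall/rules.v4": "-A INPUT -p tcp --dport 22 -s 10.0.0.0/8 -j ACCEPT\n-A INPUT -j DROP\n",
    "/etc/ssh/sshd_config": "PermitRootLogin no\nPasswordAuthentication no\n",
    "/etc/ids/local.rules": "alert tcp any any -> any 23 (msg:\"telnet attempt\"; sid:1000001;)\n",
}

# Constructed sample: the same artifacts after an unplanned change. The SSH rule
# lost its source restriction, the local IDS rules vanished, and a cron job appeared.
CURRENT_FILES = {
    "/etc/firewall/rules.v4": "-A INPUT -p tcp --dport 22 -j ACCEPT\n-A INPUT -j DROP\n",
    "/etc/ssh/sshd_config": "PermitRootLogin no\nPasswordAuthentication no\n",
    "/etc/cron.d/backup": "0 2 * * * root /usr/local/bin/backup.sh\n",
}


def digest(content: str) -> str:
    """SHA-256 hex digest of an artifact's content."""
    return hashlib.sha256(content.encode("utf-8")).hexdigest()


def build_baseline(files: dict) -> dict:
    """Map each path to the digest of its content, in sorted path order."""
    return {path: digest(files[path]) for path in sorted(files)}


def serialize_baseline(baseline: dict) -> str:
    """Canonical JSON so identical configurations produce byte-identical baselines."""
    return json.dumps(baseline, sort_keys=True, indent=2)


def detect_changes(baseline: dict, current_files: dict) -> dict:
    """Compare live artifacts against the baseline and classify each difference."""
    current = build_baseline(current_files)
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_FILES)
    for kind, paths in detect_changes(baseline, CURRENT_FILES).items():
        for path in paths:
            print(f"{kind.upper():8} {path}")
```

Running the script lists the firewall rule file as modified, the cron entry as added, and the IDS rule file as removed. Each item in that report should correspond to an approved change request; anything that does not is an incident to investigate under the response plan described earlier in the chapter.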
The next chapters are meant to help you apply some of the practices discussed in this chapter while incorporating design concepts from earlier parts of the book. We also examine the process of assessing the effectiveness of the architecture and the implementation of the security perimeter. Stay tuned!