Each week vnunet.com asks a different expert to give their views on recent security issues, with advice, warnings and information on the latest threats.
This week Jukka Sieppi, director of product management at network protection firm Stonesoft, warns of the dangers of adopting a so-called 'silver bullet' solution to network security.
Recent legal requirements and regulations have increased corporate risk exposure to the point where the issue of IT risk management either is, or should be, at the top of upper management's agenda.
As a result of legislation such as Sarbanes-Oxley and the Health Insurance Portability and Accountability Act of 1996, enterprises have started to re-analyse their assets and to prioritise their IT investments based on their perceived threat level and the consequences that may ensue if any threat were to become reality.
Based on this analysis, they are changing their security infrastructure and practices and investing in new technologies where needed.
In response to this heightened awareness, some security vendors are offering so-called 'silver bullet' solutions. These vendors promise that an all-in-one device at the perimeter of the network can offer total security from all attacks.
Companies that buy into this message condemn themselves to a flawed solution. The problem is that any one technology alone is not sufficient.
More importantly, the underlying network security architecture must be designed in such a way as to increase overall security. This type of architecture cannot be achieved simply by using all-in-one devices on the network perimeter.
There are two dimensions to well-designed network security architecture: width and depth. First, the width of the defence in the network is achieved by using many complementary types of security solution, such as firewalls and intrusion protection systems.
These products work together to improve overall protection and thus reduce the probability of incidents. In addition, information produced by IPS systems can be used to assist administrators in detecting, finding and stopping any unauthorised activity, thus limiting the company's actual exposure.
The depth of defence, in contrast, is achieved by using firewalls behind the perimeter defences to segment the network, thus forcing intruders to compromise several targets before getting to the valuable information.
In practice this means that, in addition to having a traditional 'de-militarised zone' where public services are located, your various servers, different parts of your organisation, services for partners as well as wireless local area network segments must be protected from each other with a firewall.
Finally, to complement the segmentation, and to add width to the defence in depth, you should consider deploying intrusion detection and prevention systems in key network segments.
These will allow you to collect information that will help you respond or recover when something malicious is happening or has already happened inside the network.
Without depth in the defence, intrusion detection and prevention systems, whether they are on the perimeter or behind it, may fail to provide sufficient information for successful incident management.
The additional information collected helps you to determine what to do, and enables you to decide when to move from preventive mode into recovery mode.
Put simply, defence in depth reduces risk by lengthening the reaction window between the time an intruder first attempts to gain access and the time the intruder is able to cause serious damage.
The longer it takes to gain access to your valuable assets, and the more information you have about the attack, the better chance you have of preventing any actual damage or loss to your assets.