Protect Your Windows Network: From Perimeter to Data

The Role of the Network

Let's once again review the notion of defense in depth. Consider that august bastion of protection, the medieval castle. Did the serfs lull the despot into believing that a simple moat was sufficient to protect the castle from invasion? Surely not. An attacker faced a formidable array of defensive elements as he or she attempted to steal the crown jewels:

Thirteen layers of defense separated an attacker from a typical despot's crown jewel collection. Maybe we can learn something from this as we try to separate attackers from our networks' crown jewels?

A network's primary function is delivering bits as quickly and as reliably as possible. For too long, the network has struggled with a second, somewhat mutually exclusive, duty: protecting those same bits from accidental or intentional misuse. Network members (hosts, applications, users) relied on the network for all protection. Considering that our information security taxonomy now has six elements, all of which are required for complete protection, no longer can you rest your entire protection at the network edge. That's why we spend considerable time throughout this book explaining effective security techniques at all layers. And by locating security responsibilities throughout the landscape, the network can return to its first, best calling.

That isn't to say that the network shouldn't retain any kind of defense. Far from it. In discharging its duties of delivering bits as quickly and as reliably as possible, the network must take charge of its own defense: protecting itself from attack and compromise. Therefore, in light of the information security taxonomy with corollaries (confidentiality and possession, integrity and authenticity, availability and utility), where does network security fit? Such technology is mostly preventive, allowing access only to permitted networks, hosts, protocols, and ports. Given that definition, then, network security is mostly about availability of the hosts, the applications, and the data within.
