Extreme Exploits: Advanced Defenses Against Hardcore Hacks (Hacking Exposed)

The art of protecting the perimeter has changed dramatically in the past decade . Networking technologies and their underlying protocols have evolved and continue to evolve at an unprecedented pace. This evolution has made many early perimeter security technologies obsolete, or at the very least, limited in value. This is important to consider when choosing an appropriate solution. The following trends have played a pivotal role in the evolution of perimeter security technologies:

• The concept of the traditional network perimeter has become gray. With the evolution of virtual private networks and wireless technologies, today's perimeter involves much more than the service provider access point. Also, with the graying of the traditional hard perimeter, more focus is being placed on endpoint security in order to protect and defend the soft inner core of today's networks.

• Networking speeds continue to increase. As of this writing, gigabit connectivity at the desktop is not uncommon, and speeds will only continue to increase in the future. This growth results in an exponential increase in demand at the gateway and directly impacts the aggregate bandwidth entering and leaving an organization.

• Protocols have become increasingly complex. Today, an array of protocols are encapsulated over HTTP, for example, requiring the enforcement of network policy at increasingly higher levels in the protocol stack.

It is important to note that firewalls are not the silver bullet that they are sometimes played out to be. They are one piece of a multilayered approach that should be implemented within your organization. Firewalls were originally developed when there was a solid perimeter, and when Internet connectivity within applications was not as ubiquitous as it is today. Today, it is unusual to find a software application that does not have some capability that relies on the Internet. At minimum, most applications have the ability to update themselves when a new version is available.

If you have not yet developed a security policy for your organization, now is the time to start. It will be difficult to decide on acceptable uses for your network without having done so. Your security policy should be based on the operational needs of your business. Ask yourself, what are the core technologies that are required for your business to function? Your security policy should ultimately dictate the applications that are passing through your organization's firewall, and will define your firewall's configuration.

There are a number of things to consider when deciding which firewall technology will ultimately fit your needs. These factors will have a direct impact on your choice of technology:

• At what network junctions do you require a firewall? Organizations today can have redundant Internet access points, connectivity to partner networks, and connectivity to data centers and regional offices. They can also have internal segmentation between departments and groups of servers requiring protection (finance, human resources, development).

• What are the bandwidth requirements of the networks you are protecting at each junction?

• Which applications will be passing through the firewall? Different technologies provide differing capabilities depending on the application.

• What are the assets being protectedan internal LAN, public-facing systems, or both? What are those public- or customer- facing systems? For many organizations the internal/public distinction is itself one that is collapsing.

• What is the value of those assets, and what level of security is required to protect those assets? How can the risk to those assets be reduced to acceptable levels?