Firewalls + ?

Mike Forrester mikef at POCKETLINT.COM
Fri Mar 30 17:15:16 EST 2001


Search the archives of firewall lists for all the information you could
want.  This goes round and round on them all the time.

BTW - Maybe I missed it, but no one mentioned anything about recovery
systems, policies, and procedures for WHEN you get hacked.  Don't spend all
your time and planning on prevention (although it's the most important part)
and forget to plan what to do if all else fails...

Mike

----- Original Message -----
From: "Jon Carnes" <jonc at nc.rr.com>
To: <VPN at SECURITYFOCUS.COM>
Sent: Wednesday, March 21, 2001 10:25 PM
Subject: Re: Firewalls + ?


> On Wednesday 21 March 2001 19:08, Stephen Chowning wrote:
> > In reading about security in general, and VPN's in particular, I have come
> > across articles that raised a question. The first article made the point
> > that any corporate officer, when inquiring about their network security and
> > getting the answer that it consisted of firewalls alone should fire the
> > person responsible for network security. The second article likened network
> > security to castles. No security/castle is completely impenetrable, but the
> > best of both had/have multiple defenses to heighten the effort required to
> > penetrate, hopefully beyond the attacker's desire or resources.
> >
> > So my question is, what would be the list of multiple defenses for
> > networks? Firewalls, obviously, but what would the others be?
> >
> > Stephen Chowning
> >
> > VPN is sponsored by SecurityFocus.COM
>
> Just a few others:
>   - Physical security of the servers, routers, backups, and network access.
> The use of switches to isolate traffic helps tremendously.
>   - Password access to the network and its resources
>   - A network/server rights structure that protects your data and at the
> highest levels of security isolates it.
>   - Encryption of information while in transit - especially across the
> internet.
>   - Regular audits of the network and data, including scans of logs
> (security audits).
>   - Monitoring security sites for alerts and new strategies
>   - Upgrades to remove known software vulnerabilities.
>   - Education of your employees
>   - A written security policy
>
> You can turn security into a full-time job, and if your corporation is large
> enough (and well known enough) you may even need a dedicated security staff.
> Your needs are based on the size and complexity of your network and by how
> much you have to lose from a break-in or data loss.
>
> Jon Carnes