Firewalls + ?
mikef at POCKETLINT.COM
Fri Mar 30 17:15:16 EST 2001
Search the archives of firewall lists for all the information you could
want. This goes round and round on them all the time.
BTW - Maybe I missed it, but no one mentioned anything about recovery
systems, policies, and procedures for WHEN you get hacked. Don't spend all
your time and planning on prevention (although it's the most important part)
and forget to plan what to do if all else fails...
----- Original Message -----
From: "Jon Carnes" <jonc at nc.rr.com>
To: <VPN at SECURITYFOCUS.COM>
Sent: Wednesday, March 21, 2001 10:25 PM
Subject: Re: Firewalls + ?
> On Wednesday 21 March 2001 19:08, Stephen Chowning wrote:
> > In reading about security in general, and VPN's in particular, I have
> > across articles that raised a question. The first article made the point
> > that any corporate officer, when inquiring about their network security
> > getting the answer that it consisted of firewalls alone should fire the
> > person responsible for network security. The second article likened
> > security to castles. No security/castle is completely impenetrable, but
> > best of both had/have multiple defenses to heighten the effort required
> > penetrate, hopefully beyond the attacker's desire or resources.
> > So my question is, what would be the list of multiple defenses for
> > networks? Firewalls, obviously, but what would the others be?
> > Stephen Chowning
> > VPN is sponsored by SecurityFocus.COM
> Just a few others:
> - Physical security of the servers, routers, backups, and network
> The use of switches to isolate traffic, helps tremendously.
> - Password access to the network and its resources
> - A network/server rights structure that protects your data and at the
> highest levels of security isolates it.
> - Encryption of information while in transit - especially across the
> - Regular audits of the network and data, including scans of logs
> - Monitoring security sites for alerts and new strategies
> - Upgrades to remove known software vulnerabilities.
> - Education of your employees
> - A written security policy
> You can turn security into a full-time job, and if your corporation is
> enough (and well known enough) you may even need a dedicated security
> Your needs are based on the size and complexity of your network and by how
> much you have to lose from a break-in or data loss.
> Jon Carnes
> VPN is sponsored by SecurityFocus.COM
VPN is sponsored by SecurityFocus.COM
More information about the VPN