I think it is well known by security experts that the old perimeter defense model just does not work any more. A firewall does give some protection, but users are constantly asking that ports be opened so that they can access services outside of the corporate network.\u00a0 Not only that, but there is not much to prevent malicious traffic to go through your ports that are already opened.\u00a0 Should we ditch the firewall?\u00a0 No, but you should add more layers to your defense.\u00a0 In this post, I will list of the defenses you should have in your environment.<\/p>\n
Whenever such a user requests to have yet another port to be opened, you should make sure that you restrict as much as possible the end-points that can make use of that port you are opening up. For example, John asks that a port be opened so he can establish a VNP connection from the corporate LAN to a business partner, you should make sure that only John’s IP address is allowed to use that port and that there is only one outside IP address that John can reach on that port.<\/p>\n
Firewall management is not what keeps me up at night though. What keeps my up at night is the fact that it is so easy to create tunnels from inside my network to the outside over well known ports, such as port 80 or 443 in order to access anything that you would normally block at the firewall. That plus the fact that now you cannot browse most web sites with first installing such things as Flash player and Adobe PDF reader.<\/p>\n
A recently vulnerability in Adobe Reader<\/a> for which there is no patch as of now (Adobe said they will release one on March 11th) is a rather scary one.\u00a0 This type of vulnerability can be exploited without the user even opening the malicious PDF!<\/a> How can you defend yourself against that?!\u00a0 You should have as many layers as possible in order to prevent that malicious PDF from succesfully penetrate your network.\u00a0 The Verison Business Security Blog<\/a> has a very good list of steps that can be taken to protect yourself against that threat.\u00a0 of course, you could always drop Abode Reader<\/a> altogether.<\/p>\n In general though, that approach can be applied against any threats.\u00a0 Here are the different layers you should have in place in order of priority:<\/p>\n In my experience, the mobile users are the weak links.\u00a0 Once they take their laptops outside of the corporate LAN, many of those defensive layers, such as IPS and the firewall, are no longer there to protect them.\u00a0 That’s why you need to have strong defenses on the workstations, such as disk encryption and HIDS.<\/p>\n Can anyone think of other layers that should be in place?<\/p>\n","protected":false},"excerpt":{"rendered":" I think it is well known by security experts that the old perimeter defense model just does not work any more. A firewall does give some protection, but users are constantly asking that ports be opened so that they can access services outside of the corporate network. Not only that, but there is not much to prevent malicious traffic to go through your ports that are already opened. Should we ditch the firewall? No, but you should add more layers to your defense. In this post, I will list of the defenses you should have in your environment.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[9],"tags":[14,27,29,31,32,33,40,52],"yoast_head":"\n\n