Thursday 20 August 2009

A very intelligent article by someone else than me...

I get happy when other people express what I am trying to say (in a much better way than me...). AppGate has a new partner in South Africa: Condyn. They recently wrote an article about security that I think is great... so here are some quotes:

Most investigations concerning computer crimes show that 60% to 80% of all security breaches are performed by insiders. These statistics highlight the fact that the most common method of protecting a corporate network and computers – the “ring wall” – is ineffective as it is assumed that attacks will come from the outside.

“This type of firewall-centric solution was designed many years ago and is slowly becoming obsolete,” explains Jorina van Rensburg, CEO of Condyn.

“Protection has been moved closer to the assets, such as application servers as well as workstations and laptops. So, how do you transform this traditional view into a more modern and effective architecture?” she asks.

According to Van Rensburg, the first step forward is simply observing the fact that the larger a network becomes, the more insecure it will be. This means that security can be improved by partitioning the corporate network.

Traffic between domains should be strictly controlled and potential problems logged. This immediately puts a limit on the maximum amount of damage a security problem can cause, and increases the possibilities to both detect and deal with potential problems.

The next step is to fully move away from the “ring wall” architecture. “If the servers can be protected against all unauthorised traffic, then operating systems, network protocols and applications cannot be attacked.”

Step three involves improving client security. Clients need to be correctly configured, configurations must be reviewed and all software patched to make sure they do not contain any publicly known vulnerabilities. The security system should also be able to do a “client-check” before access to sensitive resources is granted. This check could guarantee, for example, that the client has anti-virus software installed, a good personal device firewall is in use, that no file sharing software is present, or any other rules the application system owner would like to enforce before access to that application is granted.

I am really looking forward to working with this company; they know what they are talking about.
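The “client-check” from step three of the quoted article, sketched as an added example (not code from Condyn, AppGate or the original article): each application owner picks the rules a client must pass, and every denial is logged. All names, the policy table and the sample client are hypothetical and constructed for illustration.

```python
# Added illustration: per-application client-check evaluated before access.
# Posture, RULES, POLICIES and check_access are hypothetical names.
import logging
from dataclasses import dataclass

log = logging.getLogger("client_check")

@dataclass(frozen=True)
class Posture:
    """Facts collected from the client at connection time."""
    antivirus_installed: bool = False
    firewall_enabled: bool = False
    running_software: frozenset = frozenset()
    missing_patches: int = 0

FILE_SHARING = frozenset({"bittorrent", "emule", "limewire"})  # constructed list

# Each rule returns True when the client satisfies it.
RULES = {
    "antivirus": lambda p: p.antivirus_installed,
    "firewall": lambda p: p.firewall_enabled,
    "no_file_sharing": lambda p: not (p.running_software & FILE_SHARING),
    "patched": lambda p: p.missing_patches == 0,
}

# The application owner chooses which rules guard each application.
POLICIES = {
    "intranet-wiki": ["antivirus"],
    "payroll": ["antivirus", "firewall", "no_file_sharing", "patched"],
}

def check_access(user, app, posture):
    """Return (allowed, failed_rules). Applications without a policy are denied."""
    required = POLICIES.get(app)
    if required is None:
        log.warning("deny user=%s app=%s reason=no_policy", user, app)
        return False, ["no_policy"]
    failed = [name for name in required if not RULES[name](posture)]
    if failed:
        log.warning("deny user=%s app=%s failed=%s", user, app, ",".join(failed))
        return False, failed
    return True, []

if __name__ == "__main__":
    # Constructed sample client: protected, but running file-sharing software.
    laptop = Posture(antivirus_installed=True, firewall_enabled=True,
                     running_software=frozenset({"outlook", "emule"}))
    print(check_access("alice", "intranet-wiki", laptop))
    print(check_access("alice", "payroll", laptop))
```

The same laptop reaches the low-sensitivity application but is refused the sensitive one, and the denial log names the failed rule so the problem can be detected and dealt with.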
