Saturday, November 7, 2009

Defense-in-depth Technologies in networks

Defense-in-depth technology comes from a long back historical background, where kings used this concept to build their forts. The basic principle of this is to neutralize enemy's attack as maximum as possible, for that they would build secure postures at every point of invasion.

This kind of defense patterns starts with:
1. Location
2. Perimeter level defense
3. Sub perimeter level defense
3. Core Level defense

Given below is a pictorial depiction of defense-in-depth concept.
  


Later on this concept was introduced in creating security into corporate networks. It doesn't make a difference on the size of the network or complexity of the network, what matters here is the thinking involved in creating defense layers in the network.

One should think on:
1. What needs to be protected?
2. What is the critical value to protect?
3. Business damage, if not protected?

Only then, one can devise a defense-in-depth plan for the network.

Shown below, is the Cisco's concept towards defense-in-depth designs:


Thursday, November 5, 2009

The Security Life Cycle....

Security is not a start to end process, but its a continuous flow of the activities which makes it a cycle. Please keep in mind that when there is no DATA, there is no Security needed.


Wednesday, November 4, 2009

Will firewall help in securing your network?

Well.. people think that implementing firewalls usually makes any network secure. But, the case is different, every security device implemented in the network introduces a blocking point in the network thereby causing bottlenecks or latency in the network.
We have to think of an security option, which not only secure the network but also do not add to the latency to the normal flow of the traffic.

Post your comments in this as to what you think of this??

Secure Designs - What is it??

Secure Designs are security impressions of any network. We will be keeping the DATA as center of the network circle and all the network operations or components revolve around it.
 
So, we need to understand, we are protecting DATA from getting lost or leaked from the organization.