Secure Network Perimeter
Four Tips for Designing
1. Build layers of security around your castle
No defense is 100% effective. That’s why defense-in-depth is so important when it comes to building out your security. The traditional first line of defense against attacks is typically the firewall, which is configured to allow/deny traffic by source/destination IP, port or protocol. It’s very binary - either traffic is allowed or it’s blocked by these variables. The evolution of these network security devices has brought the Next-Generation firewall, which can include application control, identity awareness and other capabilities such as IPS, web filtering, advanced malware detection, and more baked into one appliance.
2. Harden your device configurations, software updates and security policies
Here is where we start building those walls to prevent attackers from getting inside the castle. The first line of defense typically involves network security devices such as routers, firewalls, load balancers, etc. which each act like the guards, gate, moats, etc. of long ago.
3. Enable secure network access
While firewalls, routers and other security layers are in place to prevent unauthorized access, they also enable access that is approved. So how do we let authorized personnel into the castle? The drawbridge of course! Next-generation firewalls can help here by scanning inbound and outbound user traffic, all while looking for patterns of suspicious behavior.
4. Create and segment the DMZ
If firewalls, routers, web filters, etc. are the guards, moat, gate, walls of a castle, then the DMZ is like the courtyard once inside the castle – another area before you can get to the private quarters.
When creating a DMZ, there should be at least a front-end firewall for the external traffic and a back-end firewall for the internal traffic. Firewall rules should be optimized and tightened on all publicly available systems to allow traffic to only the necessary ports and services living within the DMZ. From an internal perspective you also want to limit who can access systems within the DMZ. One approach is creating firewall rules to only allow the source IP addresses and port to the specific server and then adding proxies in the network from which administrators are allowed access to the systems. You can also place authentication on the LAN before access to the DMZ is even attempted. This prevents allowing complete control over these systems at any given time.
Source: securityweek
Marine Net.
Perimeter Security, Video Intrusion Detection, Fiber Optic Security System, Marine Security, Marine Net, Under Water Marine Net Detection, Under Water Marine Detection, Under Water Security, Security Under Water, Perimeter Security, Fiber Optic Sensor, Fence Detection, Fiber Optic Net, Airport Security, Nuclear Facilities Security, Nuclear Security, Government Security, Perimeter Security for Federal Government, Fiber Optic for Perimeter Security, Perimeter Security for Oil and Gas, Perimeter Security for Water Utilities, Perimeter Security for Treatment Plants, Perimeter Security for Storage Tanks, Perimeter Security for Dams, Perimeter Security for Reservoirs, Perimeter Security for Electric Utilities, Perimeter Security for Generation Plants, Perimeter Security for Sub-Stations, Perimeter Security for Switchyards, Perimeter Security for Chemical Facilities, Perimeter Security for Chemical Plants, Perimeter Security for Refineries, Perimeter Security for LNG Plants,Perimeter Security for Storage Facilities, Perimeter Security for Transportation Industry, Perimeter Security for Airports, Perimeter Security for Seaports, Perimeter Security for Roads and Railroads, Perimeter Security for High Security Sites, Perimeter Security for Government Facilities, Perimeter Security for Nuclear Plants, Perimeter Security for Military Bases, Perimeter Security for Prisons, Perimeter Security for Oil and Gas, Perimeter Security for Oil Fields, Perimeter Security for Storage Facilities, Perimeter Security for Refineries.