The traditional idea of perimeter security no longer exists. Gone are the days of a concrete firewall or a single, identifiable border that could detect threats and breaches. The nature of modern work and mobility demands that firms permit remote access to all manner of individuals. The proliferation of remote applications needed by customers, contractors, third parties, and telecommuters has turned external network security into an asymmetrical problem. It’s time to redraw the perimeter. Strengthening gateway security, better managing user authentication, and implementing SSL VPNs are three options that will go a long way towards hardening your external defenses.
Firewall Gateway Security
Simply having a firewall in place can no longer be thought of as a comprehensive security strategy. While firewalls can provide adequate protection at the network level, external applications create vulnerabilities via the gateways and ports they need opened through the firewall. This leaves a system open to threats from email and web-based malware, DoS (denial of service), XSS (cross-site scripting), and SQL injection. Network demilitarized zones, or DMZs, can remedy some of this. DMZs provide another layer of protection between an internal network and an external, untrusted network like the Internet by controlling what aspects of the internal network are exposed. Think of a DMZ as a compromise of sorts that offers some great benefits in exchange for little in the way of risk.
SSL Virtual Private Networks
If your organization allows remote users to access internal applications on your private network, you must ensure that any data is protected in transit. Public WiFi networks, for example, are often not secured and pose huge risks if someone connects to your applications over one. The solution here is the use of SSL virtual private networks. SSL encrypts communications in both wireless and wired transit. SSL VPNs are sometimes referred to as “clientless VPNs” because users don’t have to install client software in order to use the VPN. If your network requires remote access to sensitive data and applications, an SSL VPN encrypts all network communications with remote users. This is a no-brainer if you have remote users who need to log into internal network applications and transmit sensitive information.
Another area where the changing security perimeter is apparent is user authentication and identity management. Managing users and their different levels of access can be a challenge, but having the right plan in place will prevent unauthorized access to your systems. It once was the case that a username and password were a sufficient means of authenticating a user’s identity. No longer. Your system must have in place two- or even three-factor authentication to adequately protect against hacked or stolen credentials. Passwords should be reset frequently and should contain a required combination of letters, cases, numbers and special characters. Going beyond password complexity, many firms have chosen to use email, text, or RSA token verification. Having two-factor authentication in place makes identity theft all the more difficult.
Think Outside the Perimeter
Traditional IT perimeter security exists in name only. Every single external access point to your network is a potential vulnerability. Different types of users are using different types of devices to access your networks via insecure Internet connections. Managing your firewall gateways, managing user identities, and establishing an SSL VPN are three major areas to focus on when bolstering your outer defenses.