Turning the network inside out
Remote connectivity, partner extranets, supply chains, on-site consultants, partners and peer-to-peer networks render Bill Cheswick's 1990 network security model of a "crunchy shell around a soft, chewy center" increasingly obsolete. Although inexpensive firewalls are getting smarter and faster, the most significant security issues are on the inside of your network.
The stock response to the challenges of the virtual enterprise has been to heap on protection at multiple layers, augmenting network traffic controls with protocol and application-layer filtering, IDSes, VPNs and other tools. But no one has taken the idea of defense-in-depth to its logical conclusion: turn the network "inside out." Make every part of the network "crunchy." Push firewalls to every device on the network--from database servers to desktops--down to the port level.
[ Read more ]