The enterprise perimeter has expanded, with mobile devices such as laptops, PDAs,
and USB memory sticks constantly traveling outside the corporate firewall. Wireless
LANs allow external connections that bypass firewalls. Secure Sockets Layer (SSL)
access to Web portals and other internal applications allows encrypted traffic
to flow through perimeter firewalls and intrusion prevention systems unexamined.
Network administrators are, therefore, finding traditional perimeter security
solutions inadequate in preventing the spread of worms and viruses inside their
networks.
Enterprises need to develop a robust internal security deployment strategy.
Internal networks are complex, with homegrown applications, client-to-client
applications, loose adherence to protocols, and no central security coordinator.
Unlike perimeter networks, where all traffic is blocked unless explicitly
allowed, internal networks need to allow all traffic unless it is explicitly
blocked. An effective internal threat prevention and containment strategy is to
deploy multiple lines of defense.
Personal Firewalls
Most blended threats and worms enter the network when legitimate users
connect compromised machines into a corporate network. Machines can get
compromised due to ineffective patch management or exposure to unprotected
environments. Patches are often out of sync with the emerging vulnerabilities.
And anti-virus-signature updates become available only after an attack has
occurred.
Personal firewalls, being rule-based rather than signature-based, provide
pre-emptive protection. Personal firewalls reside on client devices and process
traffic based on user- or administrator-defined rules. They also provide
application control by monitoring all application requests to access local and
network resources and allow administrators to centrally enforce policies by
blocking network access to vulnerable endpoints.
Internal Security Gateways
While personal firewalls provide a solid frontline defense, not all
endpoints that connect to the internal network are protected. Very often
customers, partners, and consultants access the internal network without
endpoint integrity verification. Infected endpoints can proliferate threats
instantly across the corporate network.
Internal security gateways (ISGs) are deployed to keep threats from
spreading. ISGs segment the internal network into security zones and are placed
inline, in the path of all traffic into and out of each security zone. For example, each
department in a corporation may be configured as its own subnet or security
zone. ISGs can detect and block known as well as zero-day attacks before
they infect the network. ISGs detect protocol anomalies and malicious code at
both the network and application layers. Unlike traditional intrusion prevention
solutions, ISGs are designed specifically for internal networks and also
understand and protect against LAN-based protocol attacks.
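The following is an added example, not Check Point code or a product configuration. It models, in one small policy evaluator, the three deployments discussed above: the default-deny perimeter versus the default-allow internal network, a personal firewall on an endpoint with application control and a centrally pushed quarantine for non-compliant hosts, and an internal security gateway sitting inline between security zones. Rule fields, zone names, application names and the sample flows are all constructed for illustration.

```python
"""Rule-based policy evaluator (added example; not Check Point code).

Rules describe permitted or forbidden behaviour (zones, protocol, port,
requesting application) rather than attack signatures, which is why a
not-yet-signatured worm using a blocked port is stopped just like a known one.
All zone names, applications and flows below are constructed.
"""
from dataclasses import dataclass, field
from typing import List, Optional

ALLOW, BLOCK = "allow", "block"


@dataclass(frozen=True)
class Flow:
    src_zone: str
    dst_zone: str
    proto: str
    dst_port: int
    app: Optional[str] = None   # requesting process; only known on the endpoint


@dataclass
class Rule:
    action: str
    src_zone: Optional[str] = None   # None matches any value
    dst_zone: Optional[str] = None
    proto: Optional[str] = None
    dst_port: Optional[int] = None
    app: Optional[str] = None

    def matches(self, f: Flow) -> bool:
        pairs = ((self.src_zone, f.src_zone), (self.dst_zone, f.dst_zone),
                 (self.proto, f.proto), (self.dst_port, f.dst_port), (self.app, f.app))
        return all(want is None or want == got for want, got in pairs)


@dataclass
class Policy:
    default: str                       # BLOCK at the perimeter, ALLOW inside
    rules: List[Rule] = field(default_factory=list)

    def decide(self, f: Flow) -> str:
        # First-match semantics: earlier rules take precedence over later ones.
        for r in self.rules:
            if r.matches(f):
                return r.action
        return self.default


def perimeter_gateway() -> Policy:
    """Perimeter: everything is blocked unless explicitly allowed."""
    return Policy(default=BLOCK, rules=[
        Rule(ALLOW, dst_zone="dmz", proto="tcp", dst_port=443),
    ])


def internal_gateway() -> Policy:
    """ISG inline between zones: default-allow so homegrown and client-to-client
    applications keep working, with explicit blocks for traffic that should
    never cross a zone boundary (constructed rules)."""
    return Policy(default=ALLOW, rules=[
        Rule(BLOCK, src_zone="guest", dst_zone="finance"),   # unverified endpoints stay out
        Rule(BLOCK, proto="tcp", dst_port=445),               # SMB may not cross zones
        Rule(BLOCK, proto="tcp", dst_port=135),               # RPC endpoint mapper likewise
    ])


def personal_firewall(compliant: bool) -> Policy:
    """Endpoint policy with application control. A host that fails its
    integrity check is quarantined centrally: it may reach only the
    remediation zone until it is compliant again (hypothetical zone name)."""
    rules: List[Rule] = []
    if not compliant:
        rules += [Rule(ALLOW, dst_zone="remediation"), Rule(BLOCK)]
    rules += [
        Rule(BLOCK, proto="tcp", dst_port=445),                   # no SMB from this laptop
        Rule(ALLOW, app="mail-client.exe", proto="tcp", dst_port=443),
        Rule(ALLOW, app="browser.exe", proto="tcp", dst_port=443),
    ]
    # Application control: any process not explicitly approved gets no network.
    return Policy(default=BLOCK, rules=rules)


if __name__ == "__main__":
    flows = [
        ("perimeter", perimeter_gateway(), Flow("internet", "dmz", "tcp", 8080)),
        ("isg", internal_gateway(), Flow("engineering", "finance", "tcp", 8080)),
        ("isg", internal_gateway(), Flow("guest", "finance", "tcp", 8080)),
        ("endpoint", personal_firewall(True), Flow("endpoint", "intranet", "tcp", 443, "unknown.exe")),
        ("endpoint", personal_firewall(False), Flow("endpoint", "intranet", "tcp", 443, "browser.exe")),
    ]
    for where, policy, f in flows:
        print(f"{where:9} {f.src_zone}->{f.dst_zone} {f.proto}/{f.dst_port} {f.app}: {policy.decide(f)}")
```

The two gateway policies differ only in their default: the perimeter rejects the unlisted port 8080 flow, while the ISG lets the same flow pass between engineering and finance and blocks it only from the guest zone. On the endpoint, the quarantine rules are prepended so that they win under first-match evaluation regardless of what the ordinary application rules say.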
Host-based Security
Internal networks consist of business-critical servers that are the ultimate
targets hackers try to penetrate. Therefore, any effective internal security
strategy requires host-based security software that runs on individual hosts and
inspects the traffic to and from its host server or PC. This software can detect
new host software or configuration changes and determine the resulting security
exposure. Like personal firewalls, host-based software can enforce remediation
for non-compliant hosts, which is very effective for patch management. It also
accumulates data on normal host functions and traffic and can lock down servers
if it detects a threat or malicious code.
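As an added example (not Check Point code), the following models the host-based behaviour just described: an agent keeps a baseline of installed software, configuration-file hashes and listening ports taken when the host was last known-good, compares the current state against it, rates each change for security exposure, and derives a lock-down decision. The baseline, the current snapshot, the file contents and the exposure ratings are all constructed for the example.

```python
"""Host-based baseline comparison (added example; not Check Point code).

Both snapshots below are constructed: the current one shows a new package,
a changed sshd configuration and a new listening port relative to baseline.
"""
import hashlib
from typing import Dict, List, Tuple

Finding = Tuple[str, str, str]   # (category, change, item)


def digest(content: str) -> str:
    """Hash a configuration file's contents so changes are detected exactly."""
    return hashlib.sha256(content.encode()).hexdigest()


# Constructed baseline recorded when the server was last known-good.
BASELINE: Dict[str, object] = {
    "packages": {"openssh-server": "7.4p1", "nginx": "1.18.0"},
    "configs": {
        "/etc/ssh/sshd_config": digest("PermitRootLogin no\nPasswordAuthentication no\n"),
        "/etc/nginx/nginx.conf": digest("worker_processes 2;\n"),
    },
    "listeners": {22, 443},
}

# Constructed current snapshot of the same host.
CURRENT: Dict[str, object] = {
    "packages": {"openssh-server": "7.4p1", "nginx": "1.18.0", "netcat": "1.10"},
    "configs": {
        "/etc/ssh/sshd_config": digest("PermitRootLogin yes\nPasswordAuthentication yes\n"),
        "/etc/nginx/nginx.conf": digest("worker_processes 2;\n"),
    },
    "listeners": {22, 443, 4444},
}

# Exposure ratings are an assumption for this example; a real agent would
# take them from centrally managed policy.
HIGH_RISK_CONFIGS = {"/etc/ssh/sshd_config"}


def compare(baseline: Dict[str, object], current: Dict[str, object]) -> List[Finding]:
    """Diff software and configuration against baseline, plus new listeners."""
    findings: List[Finding] = []
    for cat in ("packages", "configs"):
        b, c = baseline[cat], current[cat]
        for item in sorted(set(c) - set(b)):
            findings.append((cat, "added", item))
        for item in sorted(set(b) - set(c)):
            findings.append((cat, "removed", item))
        for item in sorted(set(b) & set(c)):
            if b[item] != c[item]:
                findings.append((cat, "modified", item))
    for port in sorted(current["listeners"] - baseline["listeners"]):
        findings.append(("listeners", "added", str(port)))
    return findings


def exposure(finding: Finding) -> str:
    """Coarse exposure rating for one change (assumed policy)."""
    cat, change, item = finding
    if cat == "configs" and item in HIGH_RISK_CONFIGS:
        return "high"          # remote-access configuration drifted from baseline
    if cat == "listeners":
        return "high"          # a service not seen during normal operation
    if cat == "packages" and change == "added":
        return "medium"        # new software widens the attack surface
    return "low"


def assess(baseline: Dict[str, object], current: Dict[str, object]):
    """Rate every finding and decide whether the host should be locked down."""
    rated = [(f, exposure(f)) for f in compare(baseline, current)]
    lockdown = any(level == "high" for _, level in rated)
    return rated, lockdown


if __name__ == "__main__":
    rated, lockdown = assess(BASELINE, CURRENT)
    for (cat, change, item), level in rated:
        print(f"[{level:6}] {cat}: {change} {item}")
    print("lock down host:", lockdown)
```

Hashing configuration contents rather than comparing modification times means a file rewritten with identical contents is not flagged, while a one-line change such as enabling root login is. The added listener is rated high because the baseline of normal host functions did not include it, which is the condition under which the text says host software may lock the server down.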
Ideally, all layers of defense should be integrated and should work in
tandem through central management, authentication, and log consolidation and
correlation. Deploying a layered approach to internal security can protect your
valuable corporate resources from malicious intrusions and intruders.
Vinay Goel, Check Point Software