| |
Home > Products > In Focus
|
In Focus: Securing Data Assets
Challenges to the Firewall Concept
The firewall concept in IT security advocates a strong perimeter defense between the internal company network and the outside world. Implementing this model requires a clear definition of what is "inside" and what is "outside" the company network.
However, trends in business and technology such as outsourcing, insourcing, web services, and remote access requires that companies share more resources with partners and customers. The result is that enterprise boundaries are becoming increasingly fuzzy. It is becoming more difficult to say whether a particular resource is inside or outside the firewall.
At the same time, companies are under more pressure than ever to address risk and prove to auditors that they are adequately protecting data on financial reporting, customer data, and other sensitive information. Against this backdrop, layered defense strategies, which add flexibility to the traditional firewall concept, are becoming increasingly important.
Layered Defense Strategies
A number of techniques are available for companies who want to bolster the firewall concept with a layered defense strategy for extended company networks. These techniques offer additional defense lines on the "inside" of the traditional firewall perimeter.
What techniques are appropriate depends on the IT infrastructure your organization wants to secure. The following table provides some examples of different techniques for different parts of the infrastructure:
| Infrastructure
| In-Depth Defense Strategy
|
| Files or network shares with sensitive information |
Transparent file encryption to protect sensitive data |
| Sensitive configuration files with settings that impact system security and integrity |
File monitoring and integrity checking |
| Client-server communication using clear-text protocols for sensitive information |
Encrypted data channels using for example SSL authentication or SSH |
| Servers storing sensitive data |
Host-based intrusion detection / prevention |
Defense In Depth With FoxT IT Controls
Companies want to implement flexible defense mechanisms that do not stop those sharing resources with partners and customers, but are robust enough to satisfy their auditors.
FoxT Enterprise Access Controls Management provides numerous features to help strengthen the enterprise defense lines. All of these features are centrally managed using the FoxT multi-service security server. Some key FoxT Enterprise Access Controls Management features include:
- File encryption with group keys. Allows groups of users to create and use files on encrypted network shares. Data is encrypted client-side and thereby sent encrypted over the network when files are stored or opened. Encryption of folders is completely transparent to applications, which means files can be accessed from within all common office applications.
- File monitoring and integrity checking. Enables active surveillance of files and configurations. Combined with real-time alarms, these features enable hardening of systems in a non-intrusive manner.
- Secure communications and "application firewalls". Data transferred over the network can easily be intercepted. Sending sensitive data in clear text is asking for trouble - if not with hackers, then most certainly with auditors. FoxT Enterprise Access Controls Management offers a number of flexible methods to protect your data channels including centrally managed SSH, line-encryption for applications based on double-sided SSL authentication, encrypted telnet, and other secure protocols.
- Intrusion detection. Messages forwarded from protected hosts for centralized audit logging can be filtered to generate real-time alarms. The combination of data from sources such as FoxT access controls and the file monitoring and integrity checking facilities can be used by security administrators to configure a fine-grained filter for events that indicate abnormal behavior or intrusion attempts.
|
|
|
