“There are no rules of architecture for a castle in the clouds.” ~G.K. Chesterton
I was reminded of this quote as I compiled the best, best, best questions to ask regarding Intelligent Perimeters to follow Part 1. Aren’t network perimeters of the future going to be the gateway to the Cloud? Look at the quote from G.K. Chesterton. Do you agree? From a security perspective, a CIO will need to understand even more clearly how security architecture and design integrate into building intelligent perimeters.
As I wrote the questions for Part 2, I thought, “Oh no! More security information!” The quote from Eliot struck me as oddly correct. Use the information that you are gathering in these questions to feed the architecture. It is my intent to merge wisdom with knowledge.
11. (Numbers cont’d from Part 1) Do you have gateway protection at the network perimeter for:
- Malware / Spyware
- Content management?
- Are you using the perimeter to enforce email policy for “outbound email hygiene”?
12. Is your mail relay:
- In the Cloud
- Internal Network
13. Do you prefer your security systems as:
- Virtual appliances
- Software on servers
14. Do you prefer appliance strategies or software with perimeter defenses?
15. Where do your organizational skills lie? Microsoft / Linux / Other?
16. Can the DMZ be replicated at the DR site? If not, what aspects of it are needed? How manual will it be?
17. What is the philosophy regarding a PC anti-spyware approach versus an “in-line” approach to anti-spyware?
18. Do you outsource any aspects of perimeter defense (Firewalls, SPAM, AV, etc.)?
19. Is remote access remediation integrated into the help desk appropriately?
20. IDP / IDS / IPS – Are they deployed?
- Where? Inside the network? Outside the network?
- Do you outsource these services?
- Why? (Yes/No)
- How are logging, monitoring, and forensics/reporting handled?
21. Centralized management of security devices:
- Remote site firewalls
- VPN client end-points
- SSL VPN clients