Mar 23, 2011
 

One question seems to be on every CIO’s mind…
How can our organization unlock YouTube, Twitter and Facebook and still be secure? It can be done, and here is a plan.

  • Virtual Applications set up in the DMZ
  • Kiosk Access
  • Set up a Virtual Internet Application Social Media Security Server (See Diagram Below) in your DMZ so you can give access to Facebook, Twitter, YouTube, LinkedIn, etc. without compromising security
  • Kicker – Add a separate, non-business-grade social media line from Comcast to run streaming media and social media applications through.
  • Allow access to Facebook without compromising corporate bandwidth or adding virus and malware propagation risk through this channel by using Next Generation Firewalls through SonicWall

If you have any questions or comments please email or tweet me!

Jan 17, 2011
 

As the old-fashioned firewall concept has morphed into a multi-faceted security perimeter, I have developed a series of questions that can help you uncover the right answers as you continue to refine and define what the security edge should look like for you. Use the reference architecture that I have built for this post, which you can find HERE

To make this easier to digest, I am going to release it in two parts, since there are 22 questions. As always, if you have questions email me at billm@cioes.org or post a question to my blog below. Thanks, Bill

Reference Architecture Intelligent Perimeters: Edge Sites, Private WAN, Internet, Public WAN, Cloud Access Control.

Sample Technologies covered are: Firewalls, UTM Firewalls, App Proxy, IDP/IDS, DLP Systems, SPAM Filters, Load Balancers, Content Filters

1. Are DMZs deployed for network segmentation when interfacing with Internet customers and partners?

2. Confidence level of DMZ on a scale of 1-10. (10 is very confident)

3. Has a detailed cable trace been done to validate the DMZ?

4. Preferred Firewall manufacturer?
•Do the firewall rules explicitly deny traffic to and from the DMZ?
•Is the version level current with the offering of the manufacturer?

5. Are services like Ecommerce sites and other systems hosted in the DMZ?
Are there any concerns about architecture?

6. On a scale of 1-10 does your DMZ match the security policy of the organization?

7. Where does standard VPN access terminate? Have they been reviewed?
•DMZ
•Firewall
•LAN

8. Firewall – Is it a UTM (Unified Threat Management device) providing IPS, gateway anti-virus, and anti-spyware?
If no,
•What is the approach for IPS?
•What is being used for anti-virus?
•What is the approach used for anti-spyware?

9. Do you have redundancy on the following?
•ISP – inbound
•ISP – outbound
•Firewalls
•Load Balancers
•Content Filters
•VPNs
•SSL VPNs

10. Is there a dedicated device for web content filtering?
•For what? Check all that apply: Web, Email, DLP
•Is it AD aware?

11. How are anti-spam and phishing handled?

Sep 06, 2010
 

In this video I tell the story of a man I knew named Bob Samara, who taught me about DMZs, the jungles of Vietnam, firewalking, fear, and how to survive as a ‘point man’ with a 109 pound German Shepherd named Rolf.
During the story I draw the analogy to today’s IT security and DMZs.

I hope that you enjoy this vidblog. Please give me your feedback – Bill Murphy billm@cioes.org