As the old-fashioned firewall concept has morphed into a multi-faceted security perimeter, I have developed a series of questions that can help you uncover the correct answers as you continue to refine and define what the security edge should look like for you. Use the reference architecture for this post that I have built, which you can find HERE

From an ease-of-digestion perspective, I am going to release this in two parts, since there are 22 questions. As always, if you have questions, email me at billm@cioes.org or post a question to my blog below. Thanks, Bill

Reference Architecture Intelligent Perimeters: Edge Sites, Private WAN, Internet, Public WAN, Cloud Access Control.

Sample Technologies covered are: Firewalls, UTM Firewalls, App Proxy, IDP/IDS, DLP Systems, SPAM Filters, Load Balancers, Content Filters

1. Are DMZs deployed for network segmentation when interfacing with Internet customers and partners?

2. What is your confidence level in the DMZ on a scale of 1-10? (10 is very confident)

3. Has a detailed cable trace been done to validate the DMZ?

4. Preferred firewall manufacturer?
• Do the firewall rules explicitly deny traffic to and from the DMZ?
• Is the version level current with the offering of the manufacturer?

5. Are services like e-commerce sites and other systems hosted in the DMZ?
Are there any concerns about the architecture?
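Questions 1, 4 and 5 all come down to the same thing: is traffic between the DMZ and the internal LAN controlled by rules you wrote, or by whatever the firewall platform does when nothing matches? The following is an added example, not code from the original post; it models a first-match rule set with three constructed zones (internet, dmz, lan), a constructed "weak" rule set that relies on the implicit default, and a "hardened" one that adds explicit DMZ denies after the specific allows a hosted service needs. The audit flags DMZ/LAN flows that reach no rule at all and any-port allows into or out of the DMZ, which is the check the "explicitly deny" question is asking you to perform on a real rule base.

```python
"""First-match firewall policy model for auditing DMZ segmentation.

Added example, not part of the original post. Zone names, the rule
format, the probe ports and both sample rule sets are constructed
for illustration only.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

ZONES = ("internet", "dmz", "lan")  # constructed zone names


@dataclass(frozen=True)
class Rule:
    src: str             # zone name or "any"
    dst: str             # zone name or "any"
    port: Optional[int]  # None means any destination port
    action: str          # "allow" or "deny"


def matches(rule: Rule, src: str, dst: str, port: int) -> bool:
    return (rule.src in ("any", src)
            and rule.dst in ("any", dst)
            and rule.port in (None, port))


def evaluate(rules: List[Rule], src: str, dst: str, port: int,
             implicit_default: str = "allow") -> Tuple[str, Optional[Rule]]:
    """Return (action, matching_rule). First match wins; if no rule matches,
    the platform's implicit default applies and the rule is None. Some
    devices default to allow between internal interfaces, which is exactly
    the gap an explicit DMZ deny closes."""
    for rule in rules:
        if matches(rule, src, dst, port):
            return rule.action, rule
    return implicit_default, None


PROBE_PORTS = (22, 80, 443, 445, 1433, 3389)  # constructed sample ports


def audit_dmz(rules: List[Rule], implicit_default: str = "allow") -> dict:
    """Probe DMZ<->LAN flows and report two kinds of findings:
    'implicit'     - the flow reached no rule, so the platform default decided
    'broad_allow'  - the flow was allowed by an any-port rule"""
    findings = {"implicit": [], "broad_allow": []}
    for src, dst in (("dmz", "lan"), ("lan", "dmz")):
        for port in PROBE_PORTS:
            action, rule = evaluate(rules, src, dst, port, implicit_default)
            flow = f"{src}->{dst}:{port}"
            if rule is None:
                findings["implicit"].append(f"{flow} {action} by implicit default")
            elif action == "allow" and rule.port is None:
                findings["broad_allow"].append(f"{flow} allowed by any-port rule")
    return findings


def passes_explicit_deny_check(rules: List[Rule]) -> bool:
    """Question 4: the rule set itself must decide every DMZ<->LAN flow,
    with no any-port allows crossing the DMZ boundary."""
    result = audit_dmz(rules)
    return not result["implicit"] and not result["broad_allow"]


# Constructed weak rule set: a hosted web tier talks to a LAN database,
# admins get blanket access into the DMZ, and nothing else is written down.
WEAK_RULES = [
    Rule("internet", "dmz", 443, "allow"),
    Rule("dmz", "lan", 1433, "allow"),
    Rule("lan", "dmz", None, "allow"),
    Rule("lan", "internet", None, "allow"),
]

# Constructed hardened rule set: the same business flows, narrowed, followed
# by explicit denies in both directions across the DMZ and a final catch-all.
HARDENED_RULES = [
    Rule("internet", "dmz", 443, "allow"),
    Rule("dmz", "lan", 1433, "allow"),
    Rule("lan", "dmz", 22, "allow"),
    Rule("lan", "dmz", 443, "allow"),
    Rule("dmz", "lan", None, "deny"),
    Rule("lan", "dmz", None, "deny"),
    Rule("lan", "internet", None, "allow"),
    Rule("any", "any", None, "deny"),
]

if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        result = audit_dmz(rules)
        print(f"{name}: passes={passes_explicit_deny_check(rules)}")
        for kind, items in result.items():
            for item in items:
                print(f"  [{kind}] {item}")
```

Rule order matters in the hardened set: the specific allows sit above the DMZ denies, and the denies sit above the catch-all, so a later broad allow (such as the LAN-to-Internet rule) can never widen the DMZ boundary by accident. When reviewing a real rule base, the same three questions apply: is there a rule that decides each DMZ flow, is that rule as narrow as the hosted service needs, and does an explicit deny follow it.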

6. On a scale of 1-10, how well does your DMZ match the security policy of the organization?

7. Where does standard VPN access terminate? Have these termination points been reviewed?
• DMZ
• Firewall
• LAN

8. Firewall – Is it a UTM (Unified Threat Management device) providing IPS, gateway anti-virus, and anti-spyware?
If no:
• What is the approach for IPS?
• What is being used for anti-virus?
• What is the approach used for anti-spyware?

9. Do you have redundancy on the following?
• ISP – inbound
• ISP – outbound
• Firewalls
• Load Balancers
• Content Filters
• VPNs
• SSL VPNs

10. Is there a dedicated device for web content filtering?
• For what? (Check all that apply: Web, Email, DLP)
• Is it AD (Active Directory) aware?

11. How are anti-spam and anti-phishing handled?

Should you consider partnering with a Managed Service Provider for your non-core technology needs?  I have found that the best methods of IT staffing aren’t necessarily behind your company’s four walls. This is where Managed Services Providers are an excellent option to consider. 

  • Can you afford the personnel costs of managing and supporting your IT investments?
  • Does change in technology and the rate of that change negatively impact your staffing efforts?
  • Would you like your IT people to spend more time focused on core systems and member facing applications? Could you do this if the basic, everyday IT “plumbing” were handled?
  • Can you afford the raw hardware and software costs for IT today? Does this part of the budget frustrate you?
  • Does compliance risk associated with DR, Security, and infrastructure keep you up at night?
  • Are you keeping pace with requirements when it comes to compliance and IT? Have you developed a multi-year approach to planning technology compliance?
  • How good is your reporting in tough areas of the network related to logging and auditing?

Working with a Managed Service Provider will mitigate many of your everyday IT concerns. When you have a trusted IT partner who understands and keeps up with compliance and the technical aspects of Disaster Recovery, IT Security, Infrastructure, and IT operations, you will free up valuable internal technology resources (hardware, software, and people) that can focus on more strategic, member-facing initiatives that directly impact your bottom line.

In this video I tell the story of a man I knew named Bob Samara, who taught me about DMZs, the jungles of Vietnam, firewalking, fear, and how to survive as a ‘point man’ with a 109-pound German Shepherd named Rolf.
During the story I draw the analogy to today’s IT security and DMZs.

I hope that you enjoy this vidblog. Please give me your feedback – Bill Murphy billm@cioes.org

© 2012 CIO Executive Series