> Editorial > Full Story
Thinking beyond firewalls
the exponential growth demonstrated by corporate networks,
most corporations have reached a point where it is almost
impossible to have a control over data security.
Also, with more and more enterprises hopping onto the Net
in order to save costs and increase efficiencies, the distinction
between private and public networks is fast blurring. This
is making it difficult for enterprises to fortify their data
against external as well as internal attacks.
A firewall acts as the first line of defense against malicious
hackers having a go at your precious data. But firewalls have
their inherent drawbacks too. Firstly, they are not very effective
against viruses or the new-age malicious worms that are capable
of incapacitating enterprise systems. Then they are prone
to internal attacks, mostly from disgruntled employees who
do not have to pass through the firewall itself. Most investigations
regarding hacking have shown that 60-80 percent of all security
breaches come from within a company, rendering its firewall
however advanced useless. Then you still need to worry about
external hackers, who can use alternative paths like telephone
switches, modems or even remote connections to the company
server. These coupled with other equally vital factors makes
it necessary for enterprises to think of security measures
There are numerous other tools/techniques, including Intrusion
Detection Systems (IDS), encryption, etc, that can provide
additional fortification for your enterprise data, just in
case someone violates the first line of defense. But, sadly,
even these may not be able to ensure foolproof security.
All this points to one thing, a need for a comprehensive security
policy. A security policy is a prerequisite to proper security.
It provides direction, it treats all areas necessary for proper
security, and most important, provide a means for consistency.
Without direction, completeness, and consistency, security
can always be easily breached.
A security policy entails a detailed analysis of potential
security breaches, implementing firewalls, IDS, hierarchical
authorization to determine who can access particular type
of data/files, and operational procedures like periodic software
updates, disaster recover, etc.
Despite all this, a security policy will not be complete in
the absence of user guidelines you need to tell users not
to have post-it notes with their passwords on their monitors.
Does all this guarantee 100 percent security for you enterprise?
No realistic computer or server security is foolproof. A security
policy merely lessens the chance of any security breach. A
best way to protect you enterprise network would be to periodically
evaluate and update your security policy.