Security geeks love tired old metaphors and saws. Often these are used like a threatened octopus spouting ink to confound opponents and provide intellectual cover to escape under, but sometimes they are helpful.
One oldie but a goodie is that “brakes don’t help you stop, they make it so you can go faster”. Good network security lets the business get on with doing business. Relying only on embedded security constrains business.
Let’s pile on the metaphors now: good network security encloses the sandbox. By containing and not constraining, new creative things can happen and no one loses an eye. A playground monitor is required to make sure that any indictable behavior gets stopped and that no cats get to burying things in the play area, but embedding security in the network is limiting. Networks and network equipment change a lot. By embedding security in the infrastructure, your security can limit innovation and security. Want upgraded deep packet inspection? Then you had better look at upgrading all your routers and switches and having some downtime, kicking the SLAs right in the soft packets, only deploying security where you have those switches and routers, and forget about the real world where multiple network vendors are used.
Network devices are made to move packets, not stop them. Let the network move ‘em, and use a separate security layer to put the brakes on when things go too fast or you want to let an annoying passenger off.

Greg Young



































































































