Gary Richardson, Invensys Critical Infrastructure & Security Practice consultant, explains how security appliances can fulfill multiple roles in defending networks.
In today’s cyber security landscape, a firewall is considered a paramount first line of defense in securing your networks. Many Distributed Control Systems, SCADA, Automation, and Process networks sit behind these devices that empower the nation’s critical infrastructure. While attacks on secure networks have increased in frequency and sophistication, firewalls have developed into security appliances capable of fulfilling multiple roles in defending networks. The current generation of security appliances offers the following technologies to enhance your cyber security solution:
Zone Segregation
Security appliances have the capability to segregate multiple networks into virtual zones within the device. This allows isolation of networks and the ability to control what flows in and out of the zones in great detail.
Rules and Policies
In addition to controlling traffic flows between zones, policies support the configuration of anti-virus, traffic inspection, logging, and specific ports and services to further define what is permissible data traversing your network.
Multi-Layer Operation
Security appliances have the capability of operating in a transparent mode or routed mode. In transparent mode, the device passes traffic at layer 2 and downstream nodes are unaware of the device. This allows the device to be implemented with a simple configuration and provides traffic logging and alerting. In routed mode, the device operates as a traditional firewall and router would, allowing segregation of network segments directly connected to the unit. Routing, NAT, or a combination of the two can be used to manage traffic paths.
Failover and Load Balancing
Most security appliances support high availability configurations. Traditionally, devices can be physically paired for stateful failover or configured independently for load balancing and failover purposes. To further enhance failover capabilities, monitors, triggers, and configuration integrity checks can be enabled.
Anti-Virus and Traffic Inspection
Security appliances possess the capability to inspect data streams for virus, Trojan, and worm signatures. Many appliances also feature traffic inspection at upper OSI layers as well as compressed data for attack signatures and behaviors. This feature allows the device to filter and alert on suspect traffic such as port scans, network mapping, and compressed payloads.
Logging and Alerting
While logging and alerting are certainly not new features, when paired with the aforementioned technologies they become an essential component of early detection and suppression of malicious
data in your environment.
Current generation security appliances have many features and technologies built into a single device. However, these devices should still be treated as point solutions and play an integral part of your overall cyber security program. A best practice layered approach should be a tiered, policy-based solution to ensure that the integrity of your cyber assets are protected and monitored.
Hi,
ReplyDeleteToday, UTM packages are the best firewall appliances and gateway protection of numerous threat access points and offers the inclusion network layer scanning and prevention of content based attacks.
The major services of UTM firewall appliances are:
1- Crafting the systems without any vulnerability.
2- Can act perfectly by taking the perfect remediation steps remove the threats and patch them.
3- Detecting the attack and exploit attempts and block them before serious damage is done.
Sounds like a good idea.
ReplyDelete