As usual, the author paints a story that it is unusual for there to be network connections that circumvent "the firewall".

While this is typical, a perimeter is a perimeter, and unless your neighbours are willing to harmonize policies on that common perimeter, your partners should be outside a perimeter of some description. Harmonizing policies is very difficult without a common span of control. So this comes back to risk management on the partner perimeter, and with management perceiving the threat at a lower level from partners than from the big bad Internet, the resources aren't there to secure partner networks to the same degree as the evil Internet.

Truthfully, a partner is no better or worse than the Internet and should be treated with the same processes, if a more relaxed policy because partner network connections are so much more critical to the business.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/6767/21677#21677