In sports, it's pretty much accepted wisdom that home teams have the advantage; that's why teams with winning records on the road do so well in the playoffs. But for some reason we rarely think about "the home field advantage" when we look at defending our networks. After all, the best practice in architecting a secure network is a layered, defense-in-depth strategy. We use firewalls, DMZs, and VPNs, configure VLANs on our switches to control the flow of traffic into and through the perimeter, and use network- and host-based IDS technology as sensors to alert us to intrusions.

Kudos to Mr. Barish for pointing out the efficacy of internal traffic analysis. The amount of good information generated by the devices handling traffic within a network and the accurate analysis of that traffic to achieve even a reasonable amount of situational awareness [or 'keep the bubble'] is an art not understood by Network and System Admins today, in many cases.
Good of Mr. Barish to highlight these issues, as it is not always the easiest spotted thing that should be of the most concern, i.e., "What is 'normal'"?
Best, H
Link to this comment: http://www.securityfocus.com/comments/infocus/1894/970#970