Principle of Separation / Defense in Depth


Many organizations screen and prevent the public from entering their inner offices with a reception area and visitor identification protocol - a physical demarcation.

 

 

Wrapped into this physical demarcation are often the likes of security guards and receptionists to check all individuals and packages entering or leaving the office.

 

In terms of protecting an organization's systems, the same "principle of separation" should exist
to protect every small, medium and large enterprise connected to a very insecure internet.

 

The Internet is an increasingly dangerous place, particularly as network attacks have evolved from a hacker's hobby to a sophisticated and lucrative business. With more online applications and remote network devices the increase in cyber hazard can only multiply.

The principle of separation implies some assets are more valuable than others. A prudent network security model should incorporate a demarcation and multi-layered approach, designed to increase the complexity for an intruder to access and/or leverage off an organization's data and business systems residing in their trusted network.

Multi-tiered computer security infrastructure can incorporate but is not limited to the following tools:

Security tool: likened to

Perimeter Firewall: The front wall, windows and doors to your office
Demilitarised Zone (DMZ): Your reception area
DMZ Services: A team of receptionists and personal assistants working hard to ensure services found in the back office work smoothly and look good
Internal Firewall: Inner walls and doors found between your reception area and internal/back office
2 or 3 Factor Authentication: Having a guest list and guard to check entrants against this list for clearance
Intrusion Detection System: Receptionists and security guards monitor and report irregular or excessive activities occurring throughout the reception area
Intrusion Prevention System: Security guards monitor outside activity for malicious or unwanted behaviour and try to prevent threats from entering your building
Anti-Spam and Anti-Virus Filtering: Mail and file sorting and screening services provided by your receptionists
Malware and Spyware Protection and Detection: Internal staff monitoring and reporting irregular or excessive activities which have penetrated into your internal office

 

Could an organization forego one or more security tools in preference for others? Perhaps - however a well defended organization should strive to install most, if not all, pillars of security in their network defences because no one item could guarantee 100% security. "Strength" is the combination of security tools.

 

Access anywhere and anytime is a challenge for most organizations to meet.

Network administrators fight an endless vigilant battle to ensure network security is at the highest possible levels because cybercriminals are constantly evolving a wealth of sinister tools designed to stay ahead of protection defences.
End users need their access point to be kept easy, inexpensive, convenient and highly functional.

 

 


A DMZ with all its affiliated services goes beyond the other layers or "pillars" of network security previously described. A scalable DMZ with services will:

Establish a security zone (reception area) for your trusted network (backend / internal office)
Provide a range of network services (security guards, receptionists and technicians) that work hard to help cloak and protect systems and information within your trusted network
Provide a range of network services (personal assistants, engineers and technicians) to improve the performance of systems in your trusted network (managers) and make them look good

 

[Table: Security Protection Tools. Labels: Firewalls; Intrusion Detection & Prevention System; 2-3 Tiered User Authentication; Self-Built DMZ; iWebGate DMZ; Authorisation; Authentication; Network Services; Cloud Possibilities. Cell values not preserved.]


For example, intrusion detection or 2-factor authentication does not eliminate the need for productivity-sapping VPN services, nor does it securely collect data from remote networks without firewall issues, which is what allows for the delivery of cloud reporting services - the information capability of the future, today.

 

Problems

1. DMZ Solution Not Implemented

Without a DMZ, a damaging attack is a matter of "when", not a question of "if", especially if the network and affiliated firewalls are poorly configured.

Many small to medium enterprises (SMEs) rely on their firewall as the primary means of network security. Firewalls do have a number of weaknesses and computers residing in a trusted network (office) are frequently exposed directly to the Internet and vulnerable to attacks.

 

2. Costs and Complexities Associated with Self-Built DMZ Solutions

Commercial DMZ solutions are not readily available. An extensive online search does not reveal many pre-configured DMZ solutions that you can buy right now ... and these should not be confused with the 'DMZ Host' / 'Bastion Host' option found in many firewalls.

DMZs have therefore been largely overlooked, or simply classified as not feasible, by most SMEs because of the complexity, time and costs involved in deploying a scalable solution from the ground up.

A self-built DMZ requires an array of hardware (e.g. servers) and disparate software to be installed, meticulously coordinated and maintained.

 

Solution

iWebGate's DMZ Solution eliminates the time, complexity and costs previously associated with establishing a self-built DMZ.

We have pioneered the convergence of all major services required for a secure and scalable DMZ into a single, extremely affordable and easy to use network solution.

Benefits

If an iWebGate DMZ Solution is breached, services residing in the trusted network are likely to remain untouched and quarantined from the attack
Seamless integration with existing systems including Microsoft technologies (i.e. iWebGate DMZ Solution set up and ready to go in less than 20 minutes), no per-user licensing and simplicity make DMZ technology available to every SME
An iWebGate DMZ Solution yields significant reductions in carbon emissions, end-of-life cycle waste material and power consumption compared to self-built DMZs
iWebGate customers continually report faster, easier access to the applications and information they need, which means more revenue opportunities, deeper relationships and lower costs

 

Opportunities

Our clients provide safer, greener, easier, faster and cheaper ways for their management and staff to access the applications, files, reports and information they need - anywhere, anytime - from a single solution!

Scalable DMZ technology transforms the services a network can deliver.

Our clients can easily deliver a range of private and public "cloud" solutions from existing infrastructure which generates additional revenue, forges deeper relationships and improves business efficiencies with suppliers and customers - all without directly exposing anyone's business systems to a volatile public network like the Internet.

 

 
