Defining an Enterprise Security Strategy

Shaun Hummel
There are five primary security groups that should be considered with any enterprise security model. These include security policy, perimeter, network, transaction and monitoring security. These are all part of any effective company security strategy.

Any enterprise network has a perimeter that represents all equipment and circuits that connect to external networks, both public and private. The internal network is comprised of all the servers, applications, data, and devices used for company operations. The demilitarized zone (DMZ) represents a location between the internal network and the perimeter, comprised of firewalls and public servers. It allows external users limited access to those public servers while denying traffic destined for internal servers. That doesn't mean that all external users will be denied access to internal networks. On the contrary, a proper security strategy specifies who can access what and from where.

For instance, telecommuters will use VPN concentrators at the perimeter to access Windows and UNIX servers. Business partners could use an Extranet VPN connection for access to the company S/390 Mainframe. Define what security is required at all servers to protect company applications and files.
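The zone layout just described (external, DMZ, internal, plus VPN-authenticated telecommuters) can be written down as an ordered, first-match, default-deny policy. The following evaluator is an added illustration, not code from the article or from any product it names; the zone names, address ranges, ports and rules are constructed assumptions chosen to mirror the text.

```python
"""Zone-based policy evaluator for a perimeter/DMZ/internal design.

Added example: the address plan and rules below are constructed
assumptions, not a real organisation's configuration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed address plan (assumption): private ranges for the internal
# network and the DMZ, a pool handed out by the VPN concentrator to
# authenticated telecommuters, and everything else treated as external.
ZONES = {
    "internal": [ip_network("10.0.0.0/8")],
    "dmz":      [ip_network("192.168.100.0/24")],
    "vpn":      [ip_network("172.16.0.0/16")],
}


@dataclass(frozen=True)
class Rule:
    src_zone: str            # zone name or "any"
    dst_zone: str            # zone name or "any"
    dst_port: Optional[int]  # None matches any port
    action: str              # "allow" or "deny"


# First matching rule wins; the last rule is the catch-all default deny.
POLICY: List[Rule] = [
    Rule("external", "dmz", 443, "allow"),        # public web server in the DMZ
    Rule("external", "dmz", 25, "allow"),         # inbound mail relay in the DMZ
    Rule("external", "internal", None, "deny"),   # never straight from outside to inside
    Rule("dmz", "internal", None, "deny"),        # a DMZ host must not reach internal servers
    Rule("vpn", "internal", None, "allow"),       # telecommuters authenticated at the concentrator
    Rule("internal", "dmz", None, "allow"),       # administrators managing DMZ hosts
    Rule("internal", "external", None, "allow"),  # outbound egress from the inside
    Rule("any", "any", None, "deny"),             # default deny
]


def zone_of(addr: str) -> str:
    """Map an IP address to its zone; anything unlisted is external."""
    ip = ip_address(addr)
    for zone, nets in ZONES.items():
        if any(ip in net for net in nets):
            return zone
    return "external"


def evaluate(src: str, dst: str, dst_port: int) -> Tuple[str, Rule]:
    """Return the action and the rule that decided a single flow."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    for rule in POLICY:
        if rule.src_zone not in ("any", src_zone):
            continue
        if rule.dst_zone not in ("any", dst_zone):
            continue
        if rule.dst_port is not None and rule.dst_port != dst_port:
            continue
        return rule.action, rule
    raise AssertionError("policy must end with a catch-all rule")


if __name__ == "__main__":
    # Constructed sample flows (203.0.113.0/24 is a documentation range).
    samples = [
        ("203.0.113.7", "192.168.100.10", 443),   # Internet user -> DMZ web server
        ("203.0.113.7", "192.168.100.10", 22),    # Internet user -> DMZ SSH: no rule, default deny
        ("203.0.113.7", "10.1.2.3", 445),         # Internet user -> internal file server
        ("192.168.100.10", "10.1.2.3", 1433),     # DMZ web server -> internal database
        ("172.16.5.5", "10.1.2.3", 445),          # VPN telecommuter -> internal file server
    ]
    for src, dst, port in samples:
        action, rule = evaluate(src, dst, port)
        print(f"{src:>16} -> {dst:<16} port {port:<5} {action:<5} via {rule}")
```

The point worth checking in any real ruleset is the pair of explicit denies from "external" and "dmz" into "internal": a public server that is compromised then has no more reach into the inside than an anonymous Internet host, while a telecommuter who has authenticated at the VPN concentrator is placed in a zone that is trusted differently from the raw Internet.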

Identify transaction protocols required to secure data as it travels across secure and non-secure network segments. Monitoring activities should then be defined that examine packets in real time as a defensive and proactive strategy for protecting against internal and external attacks. A recent survey revealed that internal attacks from disgruntled employees and consultants are more prevalent than hacker attacks. Virus detection should then be addressed, since permitted sessions can still carry a virus at the application layer, for example in an e-mail or a file transfer.

Security Policy Document

The security policy document describes various policies for all employees that use the enterprise network. It specifies what an employee is permitted to do and with what resources. The policy includes non-employees, such as consultants, business partners, clients and terminated employees. In addition, security policies are defined for Internet e-mail and virus detection. It defines what cyclical process, if any, is used for examining and improving security.

Perimeter Security

This describes a first line of defense that external users must deal with before authenticating to the network. It is security for traffic whose source and destination is an external network. Many components are used to secure the perimeter of a network. The assessment reviews all perimeter devices currently utilized. Typical perimeter devices are firewalls, external routers, TACACS servers, RADIUS servers, dial servers, VPN concentrators and modems.

Network Security

This is defined as all the server and legacy host security that is implemented for authenticating and authorizing internal and external employees. Once a user has been authenticated through perimeter security, this is the security that must be dealt with before any application can be started. The network exists to carry traffic between workstations and network applications. Network applications are implemented on a shared server that could be running an operating system such as Windows, UNIX or Mainframe MVS. It is the responsibility of the operating system to store data, respond to requests for data, and maintain security for that data.

Once users are authenticated to a Windows ADS domain with a specific user account, they have the privileges that have been granted to that account. Such privileges might include access to specific directories on one or many servers, starting applications, and administering some or all of the Windows servers. When the user authenticates to Windows Active Directory Services, the account is not tied to any specific server. There are tremendous management and availability advantages to that, since all accounts are managed from a centralized perspective and copies of the security database are maintained at various servers across the network. UNIX and Mainframe hosts usually require logon to a specific system; however, the network rights could be distributed to many hosts.

  • Network operating system domain authentication and authorization
  • Windows Active Directory Services authentication and authorization
  • UNIX and Mainframe host authentication and authorization
  • Application authorization per server
  • File and data authorization
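The centralized model described above (one account in the directory, privileges granted through group membership, per-server ACLs that reference directory groups rather than local copies of accounts) can be modelled in a few dozen lines. This is an added illustration, not the article's code and not Windows' actual authorization engine; the accounts, groups, servers and ACL entries are constructed assumptions. Two behaviours of real directory-based authorization are kept: group membership is resolved transitively through nested groups, and an explicit deny entry overrides any allow.

```python
"""Directory-based authorization model: central accounts and groups,
per-server ACLs that refer to directory principals.

Added example with constructed data; not a real domain's configuration.
"""
from typing import Dict, List, Set, Tuple

# Central directory: group memberships are managed in one place.
# A group may be a member of another group (nested groups), as in AD.
GROUP_MEMBERS: Dict[str, Set[str]] = {
    "Domain Users":   {"alice", "bob", "carol"},
    "Finance":        {"alice"},
    "Finance-Admins": {"carol"},
    "Server-Admins":  {"Finance-Admins"},   # nested: every Finance-Admin is a Server-Admin
}

# Per-server ACLs. Entry: (principal, action, allowed). Principals are
# directory users or groups; the servers never hold their own account lists.
ACLS: Dict[str, Dict[str, List[Tuple[str, str, bool]]]] = {
    "fs01": {
        r"\Finance\ledger": [
            ("Finance", "read", True),
            ("Finance-Admins", "read", True),
            ("Finance-Admins", "write", True),
        ],
        r"\Public": [
            ("Domain Users", "read", True),
            ("bob", "read", False),            # explicit deny for one account
        ],
    },
    "fs02": {
        r"\Finance\ledger": [("Finance", "read", True)],
    },
}


def effective_groups(user: str) -> Set[str]:
    """Resolve direct and nested group memberships transitively."""
    found: Set[str] = set()
    frontier = {user}
    while frontier:
        member = frontier.pop()
        for group, members in GROUP_MEMBERS.items():
            if member in members and group not in found:
                found.add(group)
                frontier.add(group)   # the group itself may belong to other groups
    return found


def authorize(user: str, server: str, path: str, action: str) -> bool:
    """Decide one access: explicit deny wins, otherwise any allow grants it."""
    principals = effective_groups(user) | {user}
    entries = ACLS.get(server, {}).get(path, [])
    matching = [e for e in entries if e[0] in principals and e[1] == action]
    if any(not allowed for _, _, allowed in matching):
        return False
    return any(allowed for _, _, allowed in matching)


def grant_group(user: str, group: str) -> None:
    """A single change in the central directory takes effect on every server."""
    GROUP_MEMBERS.setdefault(group, set()).add(user)


if __name__ == "__main__":
    print("carol groups:", sorted(effective_groups("carol")))
    print("carol write ledger on fs01:", authorize("carol", "fs01", r"\Finance\ledger", "write"))
    print("bob read Public on fs01 (explicit deny):", authorize("bob", "fs01", r"\Public", "read"))
    print("bob read ledger on fs02 before grant:", authorize("bob", "fs02", r"\Finance\ledger", "read"))
    grant_group("bob", "Finance")
    print("bob read ledger on fs02 after grant:", authorize("bob", "fs02", r"\Finance\ledger", "read"))
```

Note that `grant_group` touches only the directory, yet the decision on both `fs01` and `fs02` changes, which is the management advantage the text refers to; the same property is why group membership changes deserve auditing, since one directory edit can widen access on every server at once.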

Next Page: Transaction and Monitoring Security

Nov 12, 2009 2:11 PM Mark says:
Not bad, you missed a lot. With policies you also should have procedures and education/awareness. Incident response is really important to contain and mitigate the impact of an attack. You need a defense-in-depth strategy with both ingress and egress controls. Technical controls are important, and knowing who did what and when will help. One other aspect (and I have not covered all aspects of a defense-in-depth strategy) is audit and review. Audits give you an in-depth perspective of your controls and whether they are working.
Nov 20, 2009 6:11 PM Coby Royer says:
I have to say that Access Control is the quintessential element of Enterprise Security. Perhaps this could fit into Transaction Security in your taxonomy. Going beyond transaction and network security, the Enterprise Security steward must address WHO is allowed to access WHAT. Not all accesses are transactional; as security professionals we ensure enterprise knowledge assets are protected as well (e.g., maintaining the "Chinese Wall" for investment banking research, etc.). Access Control technology effects the CONTROLS that ensure adherence to your Security Policy, basically giving teeth to the policies that use verbiage to describe who has access to what.
