Firewall at the core
This little snippet caught my attention. According to what I read, Sydney's Macquarie University recently spent AU$1 million to remove its perimeter firewalls and install firewalling at the core of the network. I think the reasoning is that universities have an open culture and foster open access, so perimeter firewalls don't do you much good when you have to open every port imaginable on them.
Apparently they are using a solution from Nortel and channel partner, 3D Networks. Let's see what Nortel has to say about this. "The AU$1 million solution from Nortel and channel partner 3D Networks will replace multiple separate firewalls and ad-hoc security gateways with a network of secure routers connected to a central firewall for all incoming and outgoing traffic."
More specifically, "Nortel's solution includes Ethernet Routing Switch 8600 and Nortel Switched Firewalls with Checkpoint security software pre-installed. Implementation started this month and is expected to be complete by September."
Okay, so now I get it. Yeah. That might work. I noticed that in this week's SANS NewsBites Vol. 8 Num. 55, a couple of the newsletter's editors disagreed with this approach. At least that's what I gathered from their comments. I think the main complaint is that it is risky business to rely on a central switch/firewall at the core for security. Okay, so build some redundancy into the solution. I like the idea myself. Basically, all traffic going hither and yonder is inspected and passed or denied based on the firewall ruleset. This is how you address what has heretofore been largely ignored - internal traffic. As the network edge disappears, there is no longer any notion of internal vs. external traffic... it's all just traffic.
This type of solution would work in the government infrastructure I work in. Lots of little and big state agencies connect through the state's WAN, depending on the state-level WAN guys to secure the perimeter while not securing their individual LAN environments. Scary. And you can imagine that securing the endpoints of a large, sprawling state network is a daunting task.
I am going to pay attention to this trend.