- Adopt a risk management methodology – You can't know what to protect and how much to spend if you don't know what assets are at risk.
- Layer your security measures – Complement firewalls with host and application security.
- Compartmentalize your network and data – Would you put a screen door on a submarine?
- Implement stronger authentication – Authentication is the enabler of all security, so firm it up!
- Implement admission and endpoint controls – Only allow devices that pass admission criteria to connect to your network.
- Improve the granularity of your access controls – Carte blanche access is a recipe for disaster.
- Develop a secure software methodology – Secure code review and testing are as important for Web applications as they are for operating systems.
- Be proactive with security – Routinely scan networks, servers and clients.
- Develop an "attack anticipation" mentality – Prevention is better than detection.
- Ensure information integrity, privacy, availability – If you can't make your data accurate and available to authorized users only, what's the point of networking at all?
Check out Dave's full-length presentation here.
Dave Piscitello is an authority on network security with more than 30 years' experience in data networking and telecommunications. Dave is President of Core Competence Inc., founder and program manager of The Internet Security Conference, and chairman of Networld+Interop's Security Conference. Dave has authored books on internetworking and remote access, and regularly publishes articles on a variety of subjects including switched internetworking, ATM and Gigabit Ethernet, Internet security, and virtual private networking.
This was first published in May 2005