Network Perimeter Security as a proactive and preventive BCP Strategy
Perimeter security includes the establishment of a controlled perimeter surrounding networks. All incoming traffic will be filtered, blocked, analysed using a secure architecture structure and as well as network devices such as routers, firewalls, IDS and IPS systems, and switches. The objective is to ensure that external threats from the untrusted internet and internal threats from insiders do not enter systems in the operations secure zone. A secure perimeter can cut down on the spread of threats throughout the network which is therefore viewed as a BCP preventive strategy.
Most Appropriate Use
Network security is an key part of the defence-in-depth strategy and the active security model such as to requirement to protect, detect, respond, and recover from an attack. Perimeter security is also a BCP preventive strategy since the perimeter can be used to block and reduce the impacts of attacks aimed at compromising the availability of devices.
Advantages
Access to networks and systems can be tightly controlled. Users logging on to systems will be identified, authenticated and authorized before they gain access to sensitive data on the network. This will result in the enforcement of access control, the reduction of malware, and the reduction of attacks against communication systems that will seek to exploit vulnerabilities and compromise the availability, integrity and confidentiality of information.
Disadvantages
As cost is the major factor, the BCP Coordinator should work with the network administrators to develop a business case for the installation of devices related to network security. Costs also include the financial cost as well as the costs associated with bandwidth restrictions, latency, human resource costs and possible slowdown in the production environment.
The business case provided will show the return on security investment.
Typical Costs
Associated costs include the restriction of bandwidth and throughput associated with screening devices such as IDS, routers and firewalls.
Suggestions
The BCP Coordinator should work with the network staff (e.g. administrators, staff) to research products that can provide the high network perimeter security potential, high screening and blocking capabilities while at the same time promise a lower hit on the throughput, latency and bandwidth consumption
