Perimeter Security Audit - What's your take?
Establishing perimeter security for networks enables organizations to manage the risks associated with connecting proprietary enterprise networks to one or more external entities via private or public networks. Furthermore, with the deliberate and complex integration of networks among organizations, simple barriers are no longer appropriate or adequate solutions to network security. Therefore, network perimeter security is an organization’s first and most crucial layer of defense.
· Authorization, authentication, and access control
· Confidentiality and privacy requirements
· User identification and authorization profiles
· Centralized security administration
· Cryptographic key management
· Incident handling, reporting, and follow-up
· Virus prevention and detection
· Need-to-have and need-to-know
· User training
· Tools for monitoring compliance, intrusion testing, and reporting
A key concept of security is depth—multiple layers of protection that have to be circumvented to gain access to internal information assets and resources.