This paper is my analysis on the Firewall Security Strategies that are available to secure a client’s network. The security strategy list includes; Security through Obscurity, Least Privilege, Simplicity, Defense in Depth, Diversity of Defense, Choke point, Weakest Link, and Fail-safe.
Strategy
Pros
Cons
Security through Obscurity
Relative invisibility
Takes Attackers longer to find you
False sense of Security
There are a slew of hacker tools to see past this
Cat & Mouse instead of actual Security
This security strategy+6may seem like a good idea at first but in the long run will end up spending unnecessary money and man hours to maintain a Cat & Mouse smoke screen.
Least Privilege
Old concept, Proven
Can be managed at Group and Domain Level Policies
People believe it is difficult to implement
Increase in Administrative Overhead
This strategy is more of a controlling approach that has been around for a while and works, but it must be well maintained. It is not used so much because people think that it is too complex to setup, in actuality it is just a matter of using Group and Domain policies to control unauthorized access of users.
Simplicity
Easy to maintain
Easy to configure wrong
Administrator becomes complacent
This strategy is one of the easiest to maintain but the Administrator must ensure to configure it properly. Another thing with this type of strategy, it is easy for the Administrator to become complacent.
Defense in Depth
Best Layered Defense
Isolation of Networks
No single point of failure
Threat delay
Can accrue high costs
Incorrect configuration creates vulnerabilities
This is probably the best strategy to utilize in order to protect a network, mainly because you are able to isolate sections of the network using subnets and there is no single point of failure. By isolating affected portions of a network you delay the threat from going any further. The only downside is it can be costly to implement and...