A reasonable concern arises out of the complexity of a Server-Specific Security implementation with protection on nearly every server. Yet when it is consistently implemented with industry-accepted firewall / VPN software, such as Check Point NG or similar products, management of a complex collection of firewalls is straightforward. It is easily administered through an intuitive GUI, like Check Point's "Smart Dashboard" tools.

Because a Server-Specific Security-based architecture does not rely on a trusted LAN, open points of access to the intranet (like guest terminals and wireless access points) are no longer as serious an exposure. Certainly, not all servers need be secured, and some can still be on the "untrusted" intranet within the perimeter. Open access points may be isolated and allowed only specified access to the Internet or to a public data server. Or they may be defined with designated VPN access to specific data. Custom policies for each server function, and even for entry points (as in the above WAP example), are now possible, making the system flexible as needs change.
Security policies can be custom-defined for each protected server as the result of a careful study of the organization according to some basic objectives of security:
- Users only have access to data they need to know to do their job.
- Protection can be allocated to servers according to the worst-case impact that a compromise could create, with focus on mission critical data.
- There is no such thing as a trusted common LAN, or a trusted user. All networks are treated essentially as DMZs.
- Like a good lock, make unauthorized access so difficult that intruders go elsewhere, are delayed, or make mistakes and get caught.
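The objectives above can be modeled as a per-server, default-deny policy table plus an audit that flags any high-impact server still reachable on network location alone. This is an added example, not code from the original article or from any Check Point product; the server names, addresses, ports and roles are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

@dataclass(frozen=True)
class Rule:
    source: str            # CIDR the connection may originate from
    port: int
    role: Optional[str]    # role proven over the VPN; None = no authentication

@dataclass(frozen=True)
class Server:
    name: str
    impact: str            # worst-case impact of a compromise: "low" or "critical"
    rules: Tuple[Rule, ...]

# Constructed sample policy. 10.9.0.0/24 stands in for a guest WAP segment.
SERVERS = {
    "public-data": Server("public-data", "low", (Rule("0.0.0.0/0", 80, None),)),
    "payroll": Server("payroll", "critical", (Rule("0.0.0.0/0", 443, "hr"),)),
    # Deliberately weak entry: access granted because the source is "internal".
    "legacy-db": Server("legacy-db", "critical", (Rule("10.0.0.0/8", 1433, None),)),
}

def allowed(server, src_ip, port, vpn_roles=frozenset()):
    """Default deny: a flow passes only if one of the server's own rules matches."""
    srv = SERVERS.get(server)
    if srv is None:
        return False
    src = ip_address(src_ip)
    return any(
        src in ip_network(r.source)
        and port == r.port
        and (r.role is None or r.role in vpn_roles)
        for r in srv.rules
    )

def audit_trusted_lan():
    """Critical servers with a rule that trusts network location alone."""
    return sorted(
        s.name for s in SERVERS.values()
        if s.impact == "critical" and any(r.role is None for r in s.rules)
    )

if __name__ == "__main__":
    print("guest -> public-data:", allowed("public-data", "10.9.0.15", 80))
    print("guest -> payroll (no VPN role):", allowed("payroll", "10.9.0.15", 443))
    print("location-only critical servers:", audit_trusted_lan())
```
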