The Tips and Tricks Guide to Secure Content Applicancesby Dan Sullivan
The purpose of The Tips and Tricks Guide to Secure Content Appliances is to answer common questions about secure content appliances and their role in enterprise security. The guide is divided into four volumes. Each volume is presented in a Q & A format, and discusses the following four topics: Business Justification for Secure Content Appliances, Policies and Procedures for Secure Content Management, System Architecture and Secure Content Management, and Secure Content Appliance Performance. Together the four volumes address the many of the questions that arise when considering the deployment of a secure content appliance.
Volume 1: Business Justification for Secure Content Appliances
Q: How does a secure content device complement other security devices?
A: A secure content device compliments several security devices, including:
- Desktop antivirus
- Intrusion prevention systems (IPSs)
- Policy administration
No single security device can address all security threats; in addition, some degree of overlap provides supplementary protection to an enterpriseâ€™s information infrastructure.
Volume 2: Policies and Procedures for Secure Content Management
Q: What topics should be addressed in secure content policies?
A: Content policies can be organized around two dimensions: first, services provided on the network, including:
- SMTP email
- POP3 email
Second, based on threats, such as
- Viruses and other malware
- Disclosure of private or confidential information
- Banned content
- Use of time-wasting Web sites
There is clearly overlap, for example, between how spam is handled in an SMTP email system and a POP3 email system. At the same time, different protocols or services have different vulnerabilities and require different types of monitoring. For example, private or confidential information can be transmitted via email or FTP; however, FTPâ€™s long history of vulnerabilities warrants attention to those conditions.
Volume 3: System Architecture and Secure Content Management
Q: Where should a secure content appliance be placed?
A: Secure content appliances are used to control what is allowed to enter and leave an organization's network. It follows logically that the device should be located on the perimeter of the network. Perimeters can use a single layer of defense with a single level of firewalls that block ports and filter network traffic at the lower levels of the OSI network model. A common configuration creates a multi-level perimeter known as a DMZ (de-militarized zone).
DMZs use multiple network segments to create three zones: the external zone, which includes the Internet; the internal zone, which includes an organization's network, servers, desktops, and other devices accessible to the internal network; and the DMZ, which lies between the internal and external zone.
Volume 4: Secure Content Appliance Performance
Q: What are threats to content and information assets must organizations address?
A: The major threats to information assets include:
- Viruses, worms, and other malware
- Phishing scams
Left unchecked, these threats can leave organizations with compromised computers, security breaches, loss of information, identity theft victims, and reduced ROI on information technology (IT) investments because resources are consumed with non-business related content.