Finally, there's our critical zone, the area of the production network that contains our most critical resources. Currently, we allow all corporate traffic to this area of our network, when in reality, employees mostly need merely to have Web access. Now that we've incorporated user identity into our firewalls, we can create rules based on who you are and restrict administrative access to our critical resources to those administrators who need it.
Simple, right? Just configure the firewalls and block traffic. Unfortunately, in order to implement all of the changes I've mentioned, we have to conduct a business impact analysis, since we can't afford to make changes that affect our ability to deliver products or services. Therefore, the next course of action is to study the current network traffic to understand any valid business requirements before executing the plan.
This week's journal is written by a real security manager, "Mathias Thurman," whose name and employer have been disguised for obvious reasons. Contact him at firstname.lastname@example.org.
Sign up for Computerworld eNewsletters.