Cloud & Telecom Security

美国国家标准局（ANSI）和互联网安全联盟（ISA）日前联合发布了一片白皮书 – 网络风险产生的财务影响 -每个CFO都应该问的50个问题。白皮书强调了网络空间的安全对于美国国家和社会经济组织的重大意义。文中认为如何评估认识安全空间的安全风险在组织的财务上面的影响是一个又挑战性的工作。这本白皮书用以帮助CFO来了解和沟通网络空间安全的财务影响。

下面是白皮书中的50个问题，分别针对首席律师(Chief Legal Counsel), 合规性官员(compliance officer), 业务运营和技术团队，外部沟通和危机管理团队，以及公司保险的风险经理。如果对全文感兴趣，请留邮件。 Read more…

Almost every enterprise IT security managers are facing the same problems: how to control the internet? how to implement the granular security policy at the perimeter ? When you dig the Internet, you must find a bunch of discussions and threads, among which the discussions and debates between Thomas and Antishinder are quite interesting.

The assertions by Bluecoat is as the following:

• The ISA firewall cannot be as secure as Blue Coat proxies because it runs on a general purpose server that has ongoing security vulnerabilities
• The ISA firewall is unable to inspect traffic inside an SSL tunnel
• The ISA firewall is unable to inspect and manage peer-to-peer, instant messaging and multimedia connections
• The ISA firewall has limited support for granular access control
• The ISA firewall’s network performance is inferior to Blue Coat’s proxy performance

The fight back from Thomas is very strong. Personally speaking, I think the origin of this debate depends on your attitude of hardware or software security devices. The former will help lower the installation and operation cost, while the latter has lower price. So if your enterprise is very lucky to be mature on server operations, the software proxy solution is as good as, or better than the hardware solution.