I'm told over and over again by internal staff that "if we are placing firewalls around an internet web zone, why do we need an application layer (or business logic layer) firewalled from the internal network? Why can't we run all the application logic on the core?"
I've explained a defense in depth and protecting the core in the event that a web zone network gets compromised, but that isn't flying. I need either a really good explanation on why I'd need an app zone set of firewalls AND/OR some links showing how this is the best architecture.
I’m with you on this one. The Web Zone or the DMZ zone should always be well protected. After all, this is the only zone that's accessible by and open to the Internet cloud, in most organizations.
Personally, if you were to ask me, there should be at least 3 layers of network defense in most big organizations. Typically, you'll have a DMZ zone i.e. Web Server, Mid Zone i.e. Application Servers / Middleware Servers and End Zone i.e. Database Servers.
Firewalls with Layer 7 inspection aren’t good enough to be placed protecting the DMZ Zone. You'll need to supplement this with network IPS e.g. Cisco ASA 5500 Series IPS Solution. Furthermore, on the Application Servers and Database Servers, you’ll need host based IPS e.g. Cisco Security Agents. This is just my opinion.
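The zone layouts discussed in this thread can be compared as rule sets. The sketch below is an added example, not part of either post: it models the "app logic on the core" layout next to the three-zone layout and counts how many firewall boundaries sit between a compromised web zone and the data. The zone names follow the answer above; the ports and rules are constructed assumptions.

```python
from collections import deque

# Constructed rule sets: (source zone, destination zone, allowed TCP port).
# Ports are illustrative assumptions, not taken from the thread.
FLAT = [
    ("internet", "dmz", 443),
    ("dmz", "core", 8443),   # app logic runs on the core, so the DMZ may call into it
]
TIERED = [
    ("internet", "dmz", 443),
    ("dmz", "mid", 8443),    # web servers may only call the app tier
    ("mid", "end", 1433),    # only the app tier may reach the database tier
]

def direct_exposure(rules, zone):
    """Services a host in `zone` is allowed to connect to."""
    return sorted((dst, port) for src, dst, port in rules if src == zone)

def crossings(rules, start, target):
    """Minimum number of firewall boundaries between start and target,
    following allowed flows only. Each boundary means one more system
    must be compromised through a permitted port. None if no path exists."""
    seen, queue = {start}, deque([(start, 0)])
    while queue:
        zone, depth = queue.popleft()
        if zone == target:
            return depth
        for src, dst, _ in rules:
            if src == zone and dst not in seen:
                seen.add(dst)
                queue.append((dst, depth + 1))
    return None

if __name__ == "__main__":
    for name, rules, data_zone in (("flat", FLAT, "core"), ("tiered", TIERED, "end")):
        print(f"{name}: dmz can reach {direct_exposure(rules, 'dmz')}, "
              f"boundaries to {data_zone}: {crossings(rules, 'dmz', data_zone)}")
```

In the flat layout a single allowed flow puts a compromised web server inside the core, while the tiered layout leaves a second boundary, and a second rule set to audit and alert on, in front of the database zone.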