[VOIPSEC] Intelligent Defense in Depth
Kevin Conway
kconway at altrucom.com
Tue Mar 14 16:17:17 CST 2006
I don't know if anyone would agree but I personally consider voice
traffic to be nothing more than data traffic with a more deterministic
set of requirements. Any "packet" on the network is just data -
ultimately. I view this as being analogous to an airline company. They
may carry passengers, goods or donated organs.
If the flight is delayed 6 hours who cares? Well, the passengers may
whinge (quite a lot in some circumstances, me included!) but if the
flight includes a life saving organ - will the delay matter? (I don't
need to solicit a response).
Which brings me into the debate as I see it. An "Intelligent Defence in
Depth" would mean additional checks and monitoring at various stages
throughout a system (together with the collation/integration and
managemnet of such an approach) that is ultimately designed to carry
"passengers" compared to an system that is architecturally designed to
cater, natively, for both situations described above.
So, when you consider "Intelligent Defense in Depth" v "Holistic
Approach" I would say it is more a case of "Intelligent Defense in
Depth" v "Architectural Approach", which to me, the later will always
win hands down.
Having said the above though, an architectural approach will include a
combination of both network and application components but the closer
you can approach this the more suitable it would be.
Kevin.
stuart jacobs wrote:
>To chime in, I fully agree with what Donald said. In fact we really
>need to aggregate security management across all elements so as to have
>a consisten approach to manageing security nechanisms.
>
>Stu
>
>On Mar 14, 2006, at 1:47 PM, Smith, Donald wrote:
>
>
>
>>Defense in Depth implies multiple layers hopefully of different
>>technologies and vendors/implementations.
>>I believe the intelligence refers to the layers communicating between
>>each other to provide "smarter" defense.
>>
>>A holistic approach would just be to think about the entire system as
>>opposed to individual elements.
>>A holistic approach is a different paradigm and you SHOULD apply both.
>>They are not opposites they are complementary.
>>
>>I am not really addressing the whole converged network issue.
>>Services that were traditionally Analog on a digital network or
>>digital services on an analog network is not anything new.
>>But its a common buzz word used today by many.
>>
>>I do wonder why we aren't calling it a modemized network:)
>>
>>
>>
>>
>>
>>Security through obscurity WORKS against some worms and other tools:)
>>Donald.Smith at qwest.com giac
>>
>>
>>
>>
>>>----- Original Message -----
>>>From: "Mark Teicher" <mht3 at earthlink.net>
>>>To: <Voipsec at voipsa.org>
>>>Sent: Monday, March 13, 2006 7:41 PM
>>>Subject: [VOIPSEC] Intelligent Defense in Depth
>>>
>>>
>>>
>>>
>>>>Can someone please provide insight on how Intelligent
>>>>
>>>>
>>>Defense in Depth
>>>
>>>
>>>>allows for a more secure converged networked environment versus an
>>>>"holistic approach" in securing a converged networked environment ?
>>>>
>>>>thank you in advance for your assistance
>>>>
>>>>
>>>>
>>>>_______________________________________________
>>>>Voipsec mailing list
>>>>Voipsec at voipsa.org
>>>>http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>>>>
>>>>
>>>_______________________________________________
>>>Voipsec mailing list
>>>Voipsec at voipsa.org
>>>http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>>>
>>>
>>>
>>_______________________________________________
>>Voipsec mailing list
>>Voipsec at voipsa.org
>>http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>>
>>
>>
>>
>========================================================
>Stuart Jacobs, CISM, CISSP
>PMTS - Sr. Technologist
>Network Security
>Verizon Laboratories
>40 Sylvan Road
>Waltham MA 02451-1128
>(781) 466-3076
>
>
>
>_______________________________________________
>Voipsec mailing list
>Voipsec at voipsa.org
>http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
>
>
More information about the Voipsec
mailing list