[fw-wiz] ASP/Hosting Architecture

From: Don Kendrick (strider_at_mailworks.org)
Date: 11/02/04

    To: firewall-wizards@honor.icsalabs.com
    Date: Tue, 2 Nov 2004 10:22:04 -0500
    
    

    Dear Wizards,

    Need some direction/advice from anyone that has worked in the
    development of a network/firewall architecture for an ASP or hosting
    company. I'm currently working on developing a plan for an organization
    that will host multiple organizations' IT infrastructures. Some of the
    organizations have a high risk tolerance and some have (or should have)
    a very low tolerance.

    When you look at developing a network/security architecture for an
    organization, you are usually looking at one organization's assets and
    can then apply the standards for tiering (presentation, application,
    and data) and segmentation based on criticality and confidentiality.

    The problem is how do we do this in an environment that also has to be
    segmented based on owner. Things start to not scale well quickly. Lots
    of firewalls, segmented SAN/NAS devices, segmented enterprise backup
    systems. If you don't address some of this you run the risk of the
    weakest link being exploited to escalate into other more secure
    co-located systems that might share infrastructure.

    I'm sure that there are some organizations with this type of problem
    that do it the wrong way, basically going flat with the tiering and/or
    data segmentation and only segmenting (maybe even only with VLANs) on
    the data owner (hosting client).

    Is anyone doing it right? How do you make it scale? Any models, ideas?

    don
