This is the first of a series of articles that will present best practice approaches, using actual products and systems and realistic deployment situations. The next article will present a set of assessment criteria for determining what constitutes a "best practice deployment," and explain each assessment criterion's reason and value.
The third article will present our first best practices demonstration testbed, and how to securely deploy the array of leading products tested even though the products were manufactured independently, without the manufacturers collaborating on secure high-performance deployment.
About the Authors
Ray Bernard, PSP, CHS-III is the principal consultant for Ray Bernard Consulting Services (RBCS), and a regular columnist for Security Technology Executive.
James Connor is founder and CEO of security technology consultancy N2N Secure, a security consulting firm specializing in migration of analog to converged IP-based Physical and Logical security solutions. He is the former Senior Manager of Global Security Systems for Symantec Corp.
Rodney Thayer is an independent network researcher focusing on network attack and defense issues as they relate to business infrastructure. Current security research (exploit development) includes product and infrastructure evaluations, and training/lecturing on computer security topics. Mr. Thayer's background is in engineering, deployment and evaluation of computer and network security solutions. He has participated in the authoring of IETF standards, written product reviews for trade publications, taught at venues like RSA and Black Hat, played Capture The Flag at Defcon (on a winning team), and has consulted for large and small enterprises and Infrastructure Operators.