Firewalls were originally designed to protect against threats to systems and networks. The first generation of firewalls relied on stateful packet inspection or stateful inspection. The firewalls form a perimeter around your system, similar to patrolling a country's boarders and only allowing legitimate traffic into the country. With evolving virus schemes, malwares and spywares, we must improve our security systems. In many businesses, it is not easy to form a perimeter around critical data. Many employees connect to work related information from mobile devices, broadband and public wireless hotspots. These connections are made through of multitude of media rich connections. Firewalls will have to protect no just the systems, but also the data irrespective of how it is being transmitted. Additionally, firewalls will have to provide this protection in a robust, comprehensive manner without sacrificing performance. This ultimately results in the introduction of Deep Packet Inspection systems.
Deep Packet Inpsection (DPI) systems has be suggested as an extension to current firewall systems. The goal of DPI is to provide users with protection of critical data while using multiple devices in a media rich content environment. This security system requests the data to be sent for inspection of threats before establishing connections. There are two methods of DPI: proxy based and stream based. Stream based is safer, while proxy based is faster. However, while both provide robust security in the network environment, proxy based DPI requires less resources but a more elaborate scheme on protection. Both methods of DPI suffer in terms of latency on the network. For example, in large files, the latency on the network is going to be high and therefore resulting in slower speed. This begs the question of Quick System or a Safe System? How much of one do I sacrifice for the other.
Original Article:
You bring up a great question of speed versus security. When I worked at one of Toronto's biggest hospital's, their emphasis on keeping internal data private and secure, having everything encrypted, meant that data transfer and acquisition was really difficult to do. In high pressure situations, which occur frequently in a hospital environment, there is no type for security when people's lives are at stake. But in order to fulfill all legal obligations, the security measures won out over speed.
ReplyDeleteSadly I think for most companies that deal with sensitive data, security will always trump speed simply because of the legal aspect.
http://csc300blog.blogspot.com/
I agree with you security wins out in the end. Not just for legal aspect but you do want private information to remain private and should try at best to keep it so but never to the extent that you cripple your systems. For cases where speed is most important information should be anonymized as much as possible.
ReplyDeleteThis comment has been removed by the author.
ReplyDeletewe need Speed and Security. They are both very important for our daily life. But most of the time, they will have negative impact on each other.
ReplyDeleteMy blog:
http://cuiyufeng.blogspot.com/