--> The choice of security model depends on the type of network and the content you are going to secure.
--> Two basic security models are used in the network.
1) Positive Security Model
--> A Positive Security model is also known as the whitelist model.
--> A Positive Security model works by denying everything and allowing only the things which are required in the network.
--> All the firewalls in the network work on this model.
--> The main advantage of implementing a positive security model in the network is that zero-day attacks can be prevented.
--> The Positive Security Model leads to more false positives, as it blocks everything related to an application until you explicitly allow it.
--> If an application changes or modifies its behavior, we need to create a new policy in order for the application to work.
--> The Positive Security model is recommended for securing web applications.
2) Negative Security Model
--> A Negative Security model is also known as the blacklist model.
--> A Negative Security model works by allowing everything and denying only the things which are explicitly specified.
--> Anti-virus and IPS/IDS in the network work on this model.
--> The main advantage of implementing a negative security model in the network is that it can be deployed rapidly.
--> The Negative Security Model does not lead to more false positives, as it allows everything related to an application and denies only the things which are specified manually.
--> The Negative Security Model cannot prevent zero-day attacks, because it only denies what has already been specified.
--> The Negative Security model is recommended for anti-spam and antivirus.
--> To find which model is suited to your organization, there are a number of factors we need to consider:
i) Number of objects
ii) Number of content types
iii) Content Changes
--> For example, if a website has fewer objects (ex: 50 objects) and contains only pictures and text, then it is recommended to use the positive security model.
--> For example, if a website has more objects (ex: 500 objects) and its content changes every day, then it is recommended to use the negative security model.
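--> The two models side by side, as an added example that is not part of the original post: the same four constructed requests are checked against a default-deny policy and a default-allow signature list. The paths, parameter rules and signatures are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    method: str
    path: str
    params: dict

# Positive model policy (constructed): only these method/path pairs are allowed,
# and every parameter must fully match the pattern declared for it.
ALLOW_POLICY = {
    ("GET", "/index.html"): {},
    ("GET", "/search"): {"q": re.compile(r"[A-Za-z0-9 ]{1,40}")},
}
# Negative model policy (constructed): signatures of already-known bad input.
DENY_SIGNATURES = [re.compile(p, re.I) for p in (r"<script", r"union\s+select")]

def positive_model(req):
    """Default deny: allow only what the policy explicitly describes."""
    rules = ALLOW_POLICY.get((req.method, req.path))
    if rules is None:
        return "deny"                      # object not in the policy
    for name, value in req.params.items():
        pattern = rules.get(name)
        if pattern is None or not pattern.fullmatch(value):
            return "deny"                  # unknown parameter or unexpected value
    return "allow"

def negative_model(req):
    """Default allow: deny only what matches a known signature."""
    for value in req.params.values():
        if any(sig.search(value) for sig in DENY_SIGNATURES):
            return "deny"
    return "allow"

# Constructed sample traffic.
SAMPLES = {
    "normal search": Request("GET", "/search", {"q": "firewall basics"}),
    "known signature": Request("GET", "/search", {"q": "<script>x</script>"}),
    "unknown pattern": Request("GET", "/search", {"q": "%%NOVEL-INPUT%%"}),
    "new page, no policy yet": Request("GET", "/news/today", {}),
}

def compare():
    """Return {sample name: (positive verdict, negative verdict)}."""
    return {n: (positive_model(r), negative_model(r)) for n, r in SAMPLES.items()}

if __name__ == "__main__":
    print(compare())
```

The "unknown pattern" row shows why only the positive model stops input that no signature describes yet, and the "new page" row shows the cost: legitimate content is blocked until the policy is updated.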
Ref: F5.com
Md.Kareemoddin
CCIE # 54759