Introduction

Added security concerns greet all growing organizations. Small organizations often have to rely on user pragmatism to get by. The increased numbers of users, workstations, servers, and network appliances can turn the enforcement of most security policies into a headache for the most experienced security professionals. A simple solution is to stick to the trusted principle of least privilege, which dictates that only the lowest possible permissions be granted.

There are plenty of security appliances, software applications, and services that allow you to define and apply granular security policies. Unfortunately, those tools consume budgets quickly, thus leaving some areas of the infrastructure well protected and other areas sorely lacking security.

As a security professional, your job is to know the types of application traffic running on your systems, and to make every effort to minimize any identifiable risks. Dealing with different types of risks requires varying amounts of time and effort. You must be able to identify, prioritize, and handle risks. Where possible, you should apply suitable controls to help lower any potential damage to your organization, its data, and its employees. You must work closely with other managers and business owners to ensure that each different application is afforded the appropriate security budget, which will ultimately translate into your organization s enforcement and mitigation tools.

Firewall vulnerabilities are being exploited at the application layer; when new applications appear, new vulnerabilities appear. Allowing a new application past your firewalls without fully considering the consequences can lead to gaping holes in...