Perimeter firewalls are your first line of defense against intrusion, and segment your network based on need to access other networks. Microsegmentation firewalls ensure the only intra-segment network traffic that is going on is approved traffic. Devs need to supply source/destination IP addresses and ports to allow traffic.
Web Application Firewalls (WAFs) perform an inspection of HTTP requests to halt attacks on web servers.
I'm trying to craft a point to address this simply.
[ ] Segment your network and protect sensitive services. Use firewalls, virtual private networks and cloud Security Groups to restrict and control inbound and outbound traffic to/from appropriate destinations.
Looks good to me! I saw you mentioned CloudFlare as a DDoS mitigator, they also provide a WAF service, which would be good in the HTTP traffic section.
Could add oauth token validation at the load balancer and a few items about firewalls (perimeter, microsegmentation, waf)
Great list btw.
Two minds suggesting the same thing -- must be good ;-)
Could you distill your suggestion about firewalls into a simple focussed point?
I wouldn't lump WAFs in with standard firewalls.
Perimeter firewalls are your first line of defense against intrusion, and segment your network based on need to access other networks. Microsegmentation firewalls ensure the only intra-segment network traffic that is going on is approved traffic. Devs need to supply source/destination IP addresses and ports to allow traffic.
Web Application Firewalls (WAFs) perform an inspection of HTTP requests to halt attacks on web servers.
I'm trying to craft a point to address this simply.
Looks good to me! I saw you mentioned CloudFlare as a DDoS mitigator, they also provide a WAF service, which would be good in the HTTP traffic section.
Got it, thank you!