 Application data security versus network security
What are the pros and cons of application data security versus network security? Which do you recommend devoting more budget funds to?

ASKED: December 22, 2010  9:13 PM
UPDATED: December 29, 2010  11:52 AM

Answer Wiki:
Let's talk of application vs. network security in relation to your data. Network security is easier to implement, as you have far fewer technologies to deal with. However, dealing only with network security is like picking the low-hanging fruit. It attempts to solve only the data-in-transit issue, and does not, cannot, deal with data-at-rest or data-in-process. Application security, on the other hand, deals with the entire data processing stack, and when properly done can help you deal with untrusted and extended networks and de-perimeterisation of networks. See the work done by the Jericho Forum: http://www.opengroup.org/jericho/

I recommend putting your efforts and dollars into application security. Application and platform hardening, SDLC, enterprise security guidelines and developer security awareness will today take you a longer way towards security and compliance than more network tools.
Last Wiki Answer Submitted: December 29, 2010 11:52 am by ShalomC


Discuss This Question:
application data security versus network security?

Can you define what you mean by those? Also, what platform will the “application” run on?

A system that uses direct-attach terminals, for example, with no need for “network” access (e.g., ODBC), can get along fine with just application security in almost all cases. There’s no need for any dollars to be spent on network security at all — there are no network interfaces that need to be secured.

But that’s a pretty uncommon setup nowadays.

Also, if object security is appropriately configured, it should be irrelevant if access is through “application” or “network” (however those are defined). If a user isn’t authorized to access an object, the permissions shouldn’t magically elevate because ODBC (or whatever) is an intermediate access protocol.

Also, if network interfaces are available, are you thinking in terms of operating system or related vulnerabilities that might be exploited to elevate authority? Obviously in those terms, “application security” (whatever that might be) can become totally ineffective.

I’m not at all clear on how you are thinking of the difference between the two.

Tom

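Tom's point that object security, when properly configured, must give the same answer whether access comes through the "application" or through an intermediate protocol such as ODBC can be shown in a few lines. The following is an added example, not code from the thread or from any product the posters discuss: a "vulnerable" layout puts the authorization check only in the application front end, so a direct ODBC-style path reaches the data unchecked, while the "hardened" layout moves the check into the data layer that every path shares. The users, records, ACL and function names are all constructed for the illustration.

```python
"""Channel-independent object authorization (added example).

Models the point that, when authorization is attached to the object,
the access path (application UI or a direct protocol such as ODBC) must
not change the outcome. Users, records and the ACL are constructed data.
"""
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet


@dataclass(frozen=True)
class User:
    name: str
    roles: FrozenSet[str]


@dataclass(frozen=True)
class Record:
    obj_id: str
    payload: str


class AccessDenied(PermissionError):
    """Raised when a user is not authorized for an object."""


# Constructed object-level ACL: object id -> roles allowed to read it.
ACL: Dict[str, FrozenSet[str]] = {
    "payroll-2010": frozenset({"finance"}),
    "public-notice": frozenset({"finance", "staff"}),
}

# Constructed data store: the "objects" whose security is being discussed.
STORE: Dict[str, Record] = {
    "payroll-2010": Record("payroll-2010", "salary table"),
    "public-notice": Record("public-notice", "holiday schedule"),
}


def is_authorized(user: User, obj_id: str) -> bool:
    """Object security: does any of the user's roles appear in the object's ACL?"""
    return bool(user.roles & ACL.get(obj_id, frozenset()))


# --- Vulnerable layout: authorization lives only in the application front end.

def raw_read(obj_id: str) -> Record:
    """Data layer with no authorization; it trusts every caller to have checked."""
    return STORE[obj_id]


def ui_read_vulnerable(user: User, obj_id: str) -> str:
    """Application UI path: checks, then reads the unchecked store."""
    if not is_authorized(user, obj_id):
        raise AccessDenied(f"{user.name} may not read {obj_id}")
    return raw_read(obj_id).payload


def odbc_read_vulnerable(user: User, obj_id: str) -> str:
    """Direct protocol path (ODBC-style): reaches the store without any check,
    so permissions effectively 'elevate' just by changing the access path."""
    return raw_read(obj_id).payload


# --- Hardened layout: the check sits in the data layer shared by every path.

def checked_read(user: User, obj_id: str) -> Record:
    """Data layer that enforces the object ACL itself, whoever the caller is."""
    if not is_authorized(user, obj_id):
        raise AccessDenied(f"{user.name} may not read {obj_id}")
    return STORE[obj_id]


def ui_read_hardened(user: User, obj_id: str) -> str:
    return checked_read(user, obj_id).payload


def odbc_read_hardened(user: User, obj_id: str) -> str:
    return checked_read(user, obj_id).payload


PATHS: Dict[str, Callable[[User, str], str]] = {
    "ui_vulnerable": ui_read_vulnerable,
    "odbc_vulnerable": odbc_read_vulnerable,
    "ui_hardened": ui_read_hardened,
    "odbc_hardened": odbc_read_hardened,
}


def audit(user: User, obj_id: str) -> Dict[str, str]:
    """Try every access path and report 'allowed' or 'denied' for each.
    A mismatch between the UI and direct paths is the object-security gap."""
    outcome: Dict[str, str] = {}
    for name, read in PATHS.items():
        try:
            read(user, obj_id)
            outcome[name] = "allowed"
        except AccessDenied:
            outcome[name] = "denied"
    return outcome


if __name__ == "__main__":
    staff = User("alice", frozenset({"staff"}))
    for obj in STORE:
        print(obj, audit(staff, obj))
```

Running `audit` for a staff-only user against `payroll-2010` shows the gap: the vulnerable UI path denies, but the vulnerable ODBC path returns the record, while both hardened paths deny. The design choice is simply where the check lives; once it is in the shared data layer, the question of "application" versus "network" access no longer affects who can read what.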