Secure networks: changing business models and complexity of threats force new approaches to network security.
This open network policy, however, elevates an already critical IT concern: network security. Most corporations today address this concern via various security tools: login/password, hardware tokens for authentication, virtual private networks (VPN) for data encryption, hardware firewalls at corporate locations for data packet filtering, and antivirus software on remote PCs. While authentication mechanisms ensure user/machine authorization and VPNs ensure data privacy in transit, the conventional security tools (e.g., hardware firewalls and antivirus software) fall short of protecting mobile network endpoints.
By their nature, mobile PCs are not secured by a hardware firewall, which protects the corporate network from external attacks but cannot provide protection against attacks originating from within the corporate network. Most such firewalls are not configured to block specific applications, such as peer-to-peer file sharing, instant messaging and file downloading. Malicious code, such as "spyware," can use these services as a vehicle and enter the corporate network to create damage or hog network bandwidth.
Antivirus software can protect against known attack signatures stored in its database but proves ineffective against hybrid or unknown malicious code. Newer security tools such as intrusion detection systems (IDS) have the same issue, with the added problem of false positives.
While the number of malicious attacks is increasing, their intent and nature is changing. In the past, attacks were aimed at proving one's technical prowess and limited to superficial damage, such as the defacing of Web sites. Recent attacks have been aimed at stealing customer data, obtaining proprietary information and deliberately hampering a corporation's ability to do business.
THE LAYERED SECURITY APPROACH
To effectively protect against attacks spawned by worms, hackers and other forms of malware that target software vulnerabilities, enterprises should consider a "layered" security approach, starting with locking down remote PCs.
The layered security approach calls for an integrated solution in which the different security tools (VPN, firewall and antivirus) work cooperatively to provide fool-proof protection. This enterprise-level solution allows granular security control of all remote network endpoints and can be centrally administered through server-based components for consistency and scalability. It is agnostic to location and access technology, and addresses the gaps left by conventional security mechanisms.
In this approach, comprehensive security for remote/mobile PCs is provided by configuring a VPN client, a personal firewall client and an antivirus client to act integrally with the Internet access client. The layered components each perform the following functions:
* The Internet access client connects to the remote access server and provides "anytime, anywhere" roaming Internet access to the remote/mobile user.
* The end-user utilizes a combination of a username/password and hardware token to connect to a central authentication server. This process establishes user identity and determines user permissions.
* The VPN service enables secure remote access to centrally located data and encrypts corporate data as it traverses the Internet.
* The personal firewall protects the remote endpoints from hackers, worms and Trojans, and controls all inbound and outbound connections on the PC per established policy.
* The antivirus agent protects the remote endpoints from viruses and other malicious content downloaded from the Internet.
Usually, these services and software all act independently without consulting each other. In the layered security approach, all these services are activated as soon as the access client is launched. The end-user is taken through prespecified screens and is forced to enter the required codes to be granted access to any corporate information. If, during activation, one of the services is found to be disabled or inactive for any reason, the Internet connection is denied.
In case any security service is terminated during an established session, the Internet connection is torn down immediately. A successful Internet connection is allowed only after verifying that security services are active and all clients are running the required versions and upgrades. By cooperatively enforcing all the security services, this solution ensures that remote PCs on the Internet are protected at all times.
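The admission and tear-down logic described above, as an added illustration that is not code from the article or from any vendor product: a posture check that grants the connection only when every required client is running at or above its required version, and a session object that drops the connection the moment a service is reported stopped. The service names, version numbers and endpoint states are constructed for the example.

```python
from dataclasses import dataclass

# Constructed policy: required security clients and the minimum version each must run.
REQUIRED_SERVICES = {"vpn": (4, 2), "firewall": (2, 0), "antivirus": (7, 5)}


def fmt(version):
    return ".".join(str(part) for part in version)


@dataclass
class EndpointState:
    # service name -> (running, installed version); constructed sample data in the tests
    services: dict


def posture_check(state):
    """Return (allowed, reasons). Allowed only if every required service is
    present, running, and at or above the minimum version in REQUIRED_SERVICES."""
    reasons = []
    for name, min_version in REQUIRED_SERVICES.items():
        svc = state.services.get(name)
        if svc is None or not svc[0]:
            reasons.append(f"{name} not running")
        elif svc[1] < min_version:
            reasons.append(f"{name} version {fmt(svc[1])} below required {fmt(min_version)}")
    return (not reasons, reasons)


class AccessSession:
    """Models the access client: connect only after the posture check passes,
    and tear the connection down as soon as a required service stops."""

    def __init__(self, state):
        self.state = state
        self.connected = False

    def connect(self):
        ok, reasons = posture_check(self.state)
        self.connected = ok
        return ok, reasons

    def on_service_event(self, name, running):
        # Called whenever the endpoint reports a service starting or stopping mid-session.
        _, version = self.state.services.get(name, (False, (0,)))
        self.state.services[name] = (running, version)
        if self.connected and not posture_check(self.state)[0]:
            self.connected = False  # tear down immediately; the user must reconnect
        return self.connected
```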
DETERMINE SECURITY POLICIES
The first step in deploying a comprehensive security solution for any organization is to determine its various user profiles and the corresponding security policies. One way to do this is to set a default policy for all users and gradually classify them based on user experience. An alternative might be to utilize the user groups that already exist within the enterprise (such as salespeople, managers, executives, technical staff, engineers) and assign each of these groups varying levels of security. The next step would be specifying what applications (e.g., Kazaa, Instant Messenger) and Internet domains should be blocked. Similar granular controls can be set for LAN users.
Finally, research the various products available in each category (remote access, authentication, VPN, personal firewall, antivirus) and select those that best meet your needs, as well as those that work with each other. This is a critical step because not all products interoperate.
Once the security solution is deployed, management and administration tasks, such as version upgrades and configuration changes, can be carried out centrally through the various management servers. Users can be moved from one group to another and will automatically conform to the new security policy on their next login. Reports and log files can track any unusual behavior and can be used to further refine the security on the network.
Network security service providers can help to remove the complexity and cost of doing these tasks internally. Such providers have already evaluated best-of-breed Internet access, authentication, VPN, personal firewall and antivirus products and are familiar with their capabilities. These providers can help establish appropriate rule sets and security policies, and typically offer 24x7 monitoring and technical support backed by service-level agreements.
Engaging a network security service provider may result in lower total cost of ownership. An added benefit is that some service providers can deliver a fully integrated, end-to-end managed solution that ensures maximum security and is flexible enough to meet current and future remote-access needs.
Whether taking on the task internally or using a service provider, the layered security approach can combat these evolving network security threats. This integrated solution ensures protection at all times by allowing an Internet connection to a corporate PC only after verifying that all security services on that PC are active and up-to-date. By securing the weakest link through an integrated solution, the entire enterprise network can be effectively guarded against possible attacks.
For more information from Megapath: www.rsleads.com/404cn-258
Roark Pollock is senior product manager for managed VPN and security services at MegaPath Networks, Pleasanton, Calif.
Title Annotation: Network Security
Date: Apr 1, 2004