Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
Motorola, Woot 'fess up to reselling uncleared Xoom tablets
How NOT to get a job 101: Hack Marriott, extort execs for work
FAQ about the VeriSign data breaches
Why the House spectrum bill should be ditched: Q&A with Reed Hundt
Google finally scans malware-ridden Android Market
Lawsuit raises questions about email privacy at work
The future of hypervisors
Vendors show voice call hand-off between LTE, 3G networks
VeriSign admits multiple hacks in 2010, keeps details under wraps
Facebook ripe for ridicule as it suffers outage a day after IPO filing
TD Bank gets social for better business
IT salaries rise, bonuses get bigger
Before Facebook: How other recent dot-com IPOs have fared
Obama web site crushed by Republicans' when it comes to download speeds
FBI busts software copyright fugitive who fled to Pakistan
/

The forgotten side of network security

By Kevin Flood
Network World, 02/05/01

With network security, thoughts quickly turn to hackers, viruses, Trojan horses, denial-of-service attacks and other perceived threats. However, after products are developed and deployed to minimize risk and vulnerability, we may find that we are our worst enemy. Not that we left a gaping hole in our security defense but quite the contrary. The products may be sound from a security perspective, but might fail to include provisions to preserve adequate business functionality.

With increasing volumes of business traffic traversing the Internet, implementing security at the edge of the corporate network is a given. But the too-often-assumed outcome is that our security package will address the vulnerability and leave all other features intact. The reality is that security touches almost every aspect of the business operation. Failing to account for the effect of security processes on business can result in unacceptable performance of networked applications, lead to scalability issues, and create impasses when implementing new technologies.

Consider line-of-business applications delivered using thin-client technology. With sufficient bandwidth and controlled latency, organizations can rely on the Internet to transport their server-based applications to remote offices and mobile workers. But it's the Internet, so all we have to do is introduce firewalls to filter intrusion and VPNs to protect data, right? Unfortunately, doing so could easily bog down the performance of those applications to the point where user sessions frequently drop and task execution proceeds at a snail's pace.

Recent testing conducted as part of Tolly Research's ITclarity research program proves this point. Using security appliances designed to support thousands of simultaneous sessions and Fast Ethernet connections, we observed excessive increases in application response times. With 80 or fewer simultaneous thin-client sessions, basic firewall and VPN functions increased response times as much as threefold.

For end users, that means waiting for application menus to appear after each click and tolerating substantial delays between text entry and display. In general, response-time fall-off of that magnitude translates into reduced productivity and lower effectiveness.

Hand-in-hand with application performance is scalability. Enterprise security products designed for many users and line-rate performance at speeds greater than T-1 may live up to their billing when used predominantly for filtering Web traffic. But introduce time-sensitive IP telephony sessions, and the specs for delivering acceptable voice quality or even achieving call completion can change substantially.

The challenge for IT when considering enterprise network security is to maximize business features. This includes managing security risks, and keeping in mind the impact on business operations. Successful network security architectures and policies will maintain adequate performance of networked applications, account for foreseeable scalability, and incorporate flexibility to integrate new applications.

Flood is senior vice president of Tolly Research. He can be reached at kflood@tollyresearch.com.

RELATED LINKS

Kevin Tolly is president and CEO of The Tolly Group. Reach him via e-mail at ktolly@tolly.com.

More Tolly on Technology columns


NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.