Did you like to blow things up when you were little? Come on, be honest. I'll come clean. More than a few mailboxes fell under the onslaught of my juvenile pyromania. Being an adult means wanton destruction is frowned upon. But maybe there is something we can do to regain the thrill.
Try this on for size: You should blow up your network. That's right - over the next 18 months you'll be overhauling your campus network. It's time. You know you are tired of those old Layer 3 switches. Those are so five years ago. Aren't those boxes depreciated yet? Get the finance guys on the horn.
The business has changed. The insider threat is real. Folks connect to your network from conference rooms and over VPNs from unsafe environments. You can't stick your head in the sand anymore. Compliance has teeth and you need to segment networks and protect sensitive data. Acknowledging this is a huge change for me, since I used to laugh when told that people needed to secure internal networks.
I remember talking years ago to companies that were pitching that customers needed to extend the protection deeper into the network. I laughed. The moat is deep and wide. The bad guys cannot get in. Well, now the bad guys are us and they may already be on the network. We need to make the network much less hospitable to them.
That's where network access control (NAC) comes into play. NAC lets you do a couple of things that are important to protecting the internal network. First, you can enforce a hygiene policy on the devices that connect to your network.
So if a computer is not patched, doesn't have updated anti-virus or violates some other policy, you can send it to a quarantine network to be fixed. Cesspools of malware need not even try - they aren't getting onto the network.
Second, NAC lets you manage the flow of traffic through your network based on the device and application. You can make sure only finance people get to the application housing critical and sensitive financial data. Sure, we've got a lot of work to do on the policy side to make it easy to deploy and manage, but this is the future. The days of unfettered access to pretty much whatever is connected to the network are over.
Network World President John Gallant is doing an assessment of the major vendors' NAC strategies on his Vortex blog. It's good stuff - you should read it. I don't have the room to evaluate each strategy in this column, so I'll leave that heavy lifting to him.