I have heard the term "Identity-based Networking" in relation to LAN Security. What is the relationship between identity management and securing the LAN?
The term "identity-based networking" has actually been around for many years, referring to the idea that a user's identity is somehow tied into the networking services that user can receive. When wireless LAN controllers first emerged, for example, they applied the concept of identity-based networking by not only authenticating users joining the wireless network but also by placing them into the appropriate virtual LANs (VLANs).
Identity management, often referred to as identity and access management (IAM), is slightly different, though its goals are similar. IAM systems consolidate both user names and individual access rights across multiple disparate applications. IAM systems are used to establish new user identities, grant those rights across the enterprise's applications, and then eliminate those identities and access rights when employees leave the company.
In its relation to LAN security, the fundamental meaning of identity-based networking remains the same - controlling a user's access rights on the LAN based on that user's identity. Of course, the notion of "identity" has broadened, and IT now has many more options for "controlling" users than simply placing them into VLANs.
One way to look at the expanding control options is to look at NAC systems, which have emerged as a major element of LAN security over the last couple of years. NAC incorporates pre- and post-admission tasks. Pre-admission tasks include authenticating a user and validating that the user's machine complies with corporate security policy. Clearly, authentication and posture check are valid components of a user's identity.
Post-admission tasks can include functions such as learning a user's group affiliation or role in the company, associating that role with access rights, and watching that user's behavior for anomalous activity. Many of these post-admission tasks can also contribute to defining a user's identity. Certainly a user's role or group membership is a vital component, but in applying access rights to that user, elements such as the application in use, a user's location, and time of day can also enrich the notion of a user's identity.
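The pre- and post-admission split described above can be sketched as a small policy evaluator. This is an added example, not part of the original article or any NAC product; the role names, VLAN names, and policy table are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Session:
    user: str
    authenticated: bool   # pre-admission: did the user authenticate?
    posture_ok: bool      # pre-admission: does the machine comply with policy?
    role: str             # post-admission: group affiliation or role
    application: str      # post-admission: application in use
    location: str         # post-admission: where the user connects from
    at: time              # post-admission: time of day of the request

# Constructed policy: role -> (VLAN, allowed apps, allowed locations, hours)
POLICY = {
    "finance": ("vlan-finance", {"erp", "email"}, {"hq"}, (time(7), time(19))),
    "contractor": ("vlan-guest", {"email"}, {"hq", "branch"}, (time(9), time(17))),
}

def admit(s: Session) -> str:
    """Pre-admission decision: the VLAN for this endpoint, or 'deny'."""
    if not s.authenticated:
        return "deny"
    if not s.posture_ok:
        return "vlan-quarantine"          # remediation-only segment
    rule = POLICY.get(s.role)
    return rule[0] if rule else "deny"    # unknown role: default deny

def authorize(s: Session) -> bool:
    """Post-admission decision: may this identity use this application now?"""
    if admit(s) in ("deny", "vlan-quarantine"):
        return False
    _, apps, locations, (start, end) = POLICY[s.role]
    return (s.application in apps
            and s.location in locations
            and start <= s.at < end)

if __name__ == "__main__":
    # Constructed sample sessions.
    samples = [
        Session("alice", True, True, "finance", "erp", "hq", time(10, 30)),
        Session("alice", True, True, "finance", "erp", "hq", time(22, 0)),
        Session("bob", True, False, "finance", "erp", "hq", time(10, 30)),
        Session("carol", True, True, "contractor", "erp", "branch", time(11, 0)),
    ]
    for s in samples:
        print(s.user, s.at, admit(s), authorize(s))
```

The same user lands in the same VLAN at 10:30 and at 22:00, but the post-admission check refuses the later request, which is the sense in which time of day, location, and application enrich identity beyond VLAN placement.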
If the IT manager is knowledgeable regarding Cisco technology, he would have 2 options. Option 1 - Consult...- Anonymous