Protected by the network gear
Some switches and routers now can identify, prevent or at least lessen the effect of security threats, but interoperability, performance and management are sticking points.
By Terry Sweeney, Network World, 03/22/2004
As you mop up after the latest worm attack and chat with your network infrastructure vendors, talk inevitably will turn to preventive and protective measures. Chances
are, your vendors will encourage you to secure every switch and router, making your infrastructure gear part of the layered
approach you are taking toward security under the new data center.
You just never know when or where software will be waylaid by its next vulnerability, the vendors will say. As such, they'll
argue, switches and routers should be smart enough to be your helpmates - able to recognize and halt buffer overflows, quarantine infected or unknown
clients or help push out patches.
That's a particularly logical gambit in discussions of zero-day attacks, in which the hacker games begin the same day that
the software vulnerability is publicized. But just as experienced shoppers know that you never ask a tire salesman if you
need new tires, so do enterprise network executives understand that they must do their homework when vendors push security frameworks. That means, of course, pushing back - and hard - to make them prove their claims of performance, interoperability
and management.
Still, zero-day attacks highlight a continuing enterprise challenge: the drawbacks of the hard-shell/soft-center architecture
created by traditional network security designs. Such designs might make the perimeter harder than nails, but that won't stop
a rogue internal user or a corrupted download from making a shambles of the whole network, says Timon Sloane, director of
product management at Extreme.
Preventing the network infrastructure from turning to mush is behind gear vendors' latest strategies, such as Cisco's Self-Defending
Network, Enterasys Networks' SecureNetworks, Extreme's Clear-Flow and Nortel's Unified Security Framework. Everybody wants
to make sure their network equipment can help identify, prevent or at least lessen the impact of security threats.
Cisco has the NAC
Cisco has its Network Admission Control (NAC) program for using network infrastructure devices to prevent the spread of viruses and worms. NAC, which Cisco defined with
the help of anti-virus vendors Symantec and Trend Micro, falls under the Self-Defending Network umbrella.
As a start, Cisco offers Cisco Security Agent (CSA). The CSA software, which runs on user clients and enterprise servers,
authenticates users and provides policy-based access. If users have not updated their desktops with the latest patch for Microsoft's
Internet Explorer or don't have the latest virus digital signature files, the CSA would quarantine the non-compliant devices
or restrict access.
Alongside this effort is a focus on tougher security for VPNs. Cisco has extended link-layer encryption to IPSec- and Secure Sockets Layer (SSL)-based VPNs. Previously available only for SSL VPNs, link-layer encryption ensures the security between every two endpoints
that an IP tunnel traverses from origin to destination. Each link might use a different encryption key or algorithm.