Tuesday | 7 July, 2009
CSO
Get the NAC of good security through teamwork
Network and security pros can learn from each other
Darren Pauli (Computerworld) 28/02/2008 20:03:37

Savvy IT shops that encourage overlap between security and network administration have averted the war ignited by recent efforts to merge the two groups.

Businesses that integrate security with networking produce more effective security measures, have a better view of users and can streamline network configurations.

But those companies which force the groups together based on the latest products and new ideas will discover their patriotic professionals are not willing to give up their badges.

Consultancy Opus One senior partner Joel M Snyder said well-designed Network Access Controls (NACs) are tantamount to good security, and are a product of cooperation between security and network administrators.

"Cooperation can be difficult because security doesn't have any credibility in networking and vice versa, so they have to put their differences behind them," Snyder said.

"The argument around blending the teams is based on perimeter security which is all about network integration.

"Sometimes you have to design a network in terms of security rather than the typical networking principles of reliable, fast and cheap. This might sound impossibly ridiculous, but if you need to change the network around a lot to enable good security, you will need cooperation."

Snyder said security professionals must review the entire network architecture, be aware of all connected users and control points before buying NAC gear. This should be done by running an Intrusion Detection System (IDS) and thoroughly analyzing all reports and logs.

"You can't make an NAC decision unless you know what is trying to gain access [and] you will almost always find something you didn't expect when you run an IDS properly."

Good security does not need to be expensive, according to Snyder. Almost every business can save money by locating forgotten control points and integrating them into the managed security framework. This avoids purchasing unnecessary switches, routers and firewalls.

"NAC doesn't require the latest state packet filtering, proxy deep inspecting, simulating, intrusion preventing unified threat management firewall," he said.
