Get the NAC of good security through teamwork

Network and security pros can learn from each other

Savvy IT shops which encourage overlap between security and network administration have averted war ignited by recent efforts to merge the two groups.

Businesses that integrate security with networking produce more effective security measures, have a better view of users and can streamline network configurations.

But those companies which force the groups together based on the latest products and new ideas will discover their patriotic professionals are not willing to give up their badges.

Consultancy Opus One senior partner Joel M Snyder said well-designed Network Access Controls (NACs) are tantamount to good security, and are a product of cooperation between security and network administrators.

"Cooperation can be difficult because security doesn't have any credibility in networking and vice versa, so they have to put their differences behind them," Snyder said.

"The argument around blending the teams is based on perimeter security which is all about network integration.

"Sometimes you have to design a network in terms of security rather than the typical networking principles of reliable, fast and cheap. This might sound impossibly ridiculous, but if you need to change the network around a lot to enable good security, you will need cooperation."

Snyder said security professionals must review the entire network architecture, be aware of all connected users and control points before buying NAC gear. This should be done by running an Intrusion Detection System (IDS) and thoroughly analyzing all reports and logs.

"You can't make an NAC decision unless you know what is trying to gain access [and] you will almost always find something you didn't expect when you run an IDS properly."

Good security does not need to be expensive, according to Snyder. Almost every business can save money by locating forgotten control points and integrating them into the managed security framework. This avoids purchasing unnecessary switches, routers and firewalls.

"NAC doesn't require the latest state packet filtering, proxy deep inspecting, simulating, intrusion preventing unified threat management firewall," he said.

Stories by Darren Pauli