In the near future enterprises will consider network security
as an entire system and not a collection of point products.
by S.V. Ramana
To make a successful transition into the Internet age,
organizations must open their networks and the resources
on them to employees, partners, suppliers, and customers.
But networks also attract unsavory characters. Along
with the many legitimate users come those unwelcome
few who would block access to mission-critical resources
or worse yet, compromise them.
Network security technologies are becoming increasingly
vital in preventing corruption and intrusion, and eliminating
network security vulnerabilities. And enterprises should
take the right precautions and implement complete solutions.
An enterprise security solution comprises five key
elements:
1. Identity: Identity is the accurate and positive
identification of network users, hosts, applications,
services, and resources. Standard technologies that
enable identification include authentication protocols.
New technologies such as digital certificates, smart
cards, and directory services are beginning to play
increasingly important roles in identity solutions.
2. Perimeter Security: This element provides
the means to control access to critical network applications,
data, and services so that only legitimate users and
information can pass through the network. Routers and
switches with access control lists and/or stateful firewalls,
as well as dedicated firewall appliances, provide this
control. Complementary tools, including virus scanners
and content filters, also help control network perimeters.
3. Data Privacy: When information must be protected
from eavesdropping, the ability to provide authenticated,
confidential communication on demand is crucial. Sometimes,
data separation using tunneling technologies, such as
generic routing encapsulation (GRE) or Layer 2 Tunneling
Protocol (L2TP), provides effective data privacy. Often,
however, additional privacy requirements call for the
use of digital encryption technology and protocols such
as IPsec.
4. Security Monitoring: To ensure that a network
remains secure, it is important to regularly test and
monitor the state of security preparation. Network vulnerability
scanners can proactively identify areas of weakness,
and intrusion detection systems can monitor and respond
to security events as they occur. Using security monitoring
solutions, organizations can obtain unprecedented visibility
into both the network data stream and the security posture
of the network.
5. Policy Management: As networks grow in size and complexity,
the requirement for centralized policy management tools
grows as well. Sophisticated tools that can analyze,
interpret, configure, and monitor the state of security
policy, with browser-based user interfaces, enhance
the usability and effectiveness of network security
solutions.
These elements enable dynamic links between customer
security policy, user or host identity, and network
infrastructures.
Playing it SAFE
The future of network security is an entire system as
opposed to a collection of point products. It moves us
away from thinking about security in terms of 'Here's
my firewall. What do I need to do?' and toward 'Here's
my network. What potential threats do I have to experience
in this network, and how do I mitigate those threats?'
A comprehensive secure blueprint for enterprise networks
provides best practice information on designing
and implementing secure networks. A blueprint serves
as a guide to network designers considering the security
requirements of their network. This strategy results
in a layered approach to security where the failure
of one security system is not likely to lead to the
compromise of network resources.
Businesses that successfully lead in the information
age will be those that efficiently find the balance
between protecting corporate and customer information,
and making sure good ideas and creativity are not "pent
up" and made ineffective. The future of network
security lies in comprehensive, dynamic solutions that
can scale up as the enterprise requirements increase.
The writer is VP-Systems Engineering,
Cisco Systems