Archives ||  About Us ||  Advertise ||  Feedback ||  Subscribe-
-
Issue of January 2003 
-
  -  
 
 Home > Cover Story
 Print Friendly Page ||  Email this story

Techscope 2003: Network Security
Securing the enterprise

In the near future enterprises will consider network security as an entire system and not a collection of point products. by S.V. Ramana

To make a successful transition into the Internet age, organizations must open their networks and the resources on them to employees, partners, suppliers, and customers. But networks also attract unsavory characters. Along with the many legitimate users come those unwelcome few who would block access to mission-critical resources or worse yet, compromise them.

Network security technologies are becoming increasingly vital in preventing corruption and intrusion, and eliminating network security vulnerabilities. And enterprises should take the right precautions and implement complete solutions. An enterprise security solution comprises of five key elements:

1. Identity: Identity is the accurate and positive identification of network users, hosts, applications, services, and resources. Standard technologies that enable identification include authentication protocols. New technologies such as digital certificates, smart cards, and directory services are beginning to play increasingly important roles in identity solutions.

2. Perimeter Security: This element provides the means to control access to critical network applications, data, and services so that only legitimate users and information can pass through the network. Routers and switches with access control lists and/or stateful firewalls, as well as dedicated firewall appliances provide this control. Complementary tools, including virus scanners and content filters, also help control network perimeters.

3. Data Privacy: When information must be protected from eavesdropping, the ability to provide authenticated, confidential communication on demand is crucial. Sometimes, data separation using tunneling technologies, such as generic routing encapsulation (GRE) or Layer 2 Tunneling Protocol (L2TP), provides effective data privacy. Often, however, additional privacy requirements call for the use of digital encryption technology and protocols such as IPsec.

4. Security Monitoring: To ensure that a network remains secure, it is important to regularly test and monitor the state of security preparation. Network vulnerability scanners can proactively identify areas of weakness, and intrusion detection systems can monitor and respond to security events as they occur. Using security monitoring solutions, organizations can obtain unprecedented visibility into both the network data stream and the security posture of the network.

5. Policy Management: As networks grow in size and complexity, the requirement for centralized policy management tools grows as well. Sophisticated tools that can analyze, interpret, configure, and monitor the state of security policy, with browser-based user interfaces, enhance the usability and effectiveness of network security solutions.

These elements enable dynamic links between customer security policy, user or host identity, and network infrastructures.

Playing it SAFE
The future of network security is an entire system as opposed to a collection of point products. It gets us away from thinking about security in terms of 'Here's my firewall. What do I need to do?' but rather, 'Here's my network. What potential threats do I have to experience in this network, and how do I mitigate those threats?"

A comprehensive secure blueprint for enterprise networks, is to provide best practice information on designing and implementing secure networks. A blueprint serves as a guide to network designers considering the security requirements of their network. This strategy results in a layered approach to security where the failure of one security system is not likely to lead to the compromise of network resources.

Businesses that successfully lead in the information age will be those that efficiently find the balance between protecting corporate and customer information, and making sure good ideas and creativity are not "pent up" and made ineffective. The future of network security lies in comprehensive, dynamic solutions that can scale up as the enterprise requirements increase.

The writer is VP-Systems Engineering, Cisco Systems

 
     
- <Back to Top>-  

Copyright 2001: Indian Express Newspapers (Bombay) Limited (Mumbai, India). All rights reserved throughout the world.
This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Bombay) Limited. Site managed by BPD.