Computerworld

Get the NAC of good security though team work

Network and security pros can learn from each other
Page:

Savvy IT shops which encourage overlap between security and network administration have averted war ignited by recent efforts to merge the two groups.

Businesses that integrate security with networking produce more effective security measures, have a better view of users and can streamline network configurations.

But those companies which force the groups together based on the latest products and new ideas will discover their patriotic professionals are not willing to give up their badges.

NAC doesn't require the latest state packet filtering, proxy deep inspecting, simulating, intrusion preventing unified threat management firewall
Consultancy Opus One senior partner Joel M Snyder said well-designed Network Access Controls (NACs) are tantamount to good security, and are a product of cooperation between security and network administrators.

"Cooperation can be difficult because security doesn't have any credibility in networking and vise-versa, so they have to put their differences behind them," Snyder said.

"The argument around blending the teams is based on perimeter security which is all about network integration.

"Sometimes you have to design a network in terms of security rather than the typical networking principles of reliable, fast and cheap. This might sound impossibly ridiculous, but if you need to change the network around a lot to enable good security, you will need cooperation."

Snyder said security professionals must review the entire network architecture, be aware of all connected users and control points before buying NAC gear. This should be done by running an Intrusion Detection System (IDS) and throughly analyzing all reports and logs.

"You can't make an NAC decision unless you know what is trying to gain access [and] you will almost always find something you didn't expect when you run an IDS properly."

Good security does not need to be expensive, according to Synder. Almost every business can save money by locating forgotten control points and integrating them into the managed security framework. This avoids purchasing unnecessary switches, routers and firewalls.

"NAC doesn't require the latest state packet filtering, proxy deep inspecting, simulating, intrusion preventing unified threat management firewall," he said.

Page:
More about: IPS, Opus One

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the Computerworld comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Recent Discussions
Whitepapers
All whitepapers
tracking pixel
 
Computerworld Community Comments
Most Popular Whitepapers
Zones
SAS Resource Centre

This Resource Centre hosts a wealth of thought leadership articles, whitepapers, and success videos, to help you make the most out of your corporate information in order to swiftly make sound business decisions to survive and thrive in the current economic climate.

Oracle Resource Centre

News, Features and the latest whitepapers on SOA, Application Grid, Enterprise Management and Database

Sponsored Links
 
Back to top Sitemap

Sections

Verticals

Zones

  • SAS Resource Centre

    This Resource Centre hosts a wealth of thought leadership articles, whitepapers, and success videos, to help you make the most out of your corporate information in order to swiftly make sound business decisions to survive and thrive in the current economic climate.

  • Oracle Resource Centre

    News, Features and the latest whitepapers on SOA, Application Grid, Enterprise Management and Database

Popular Whitepaper Tags

Resources

Jobs

Services

IDG Websites

Copyright 2009 IDG Communications. ABN 14 001 592 650. All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.