Get the NAC of good security though team work

Network and security pros can learn from each other
Page:

Savvy IT shops which encourage overlap between security and network administration have averted war ignited by recent efforts to merge the two groups.

Businesses that integrate security with networking produce more effective security measures, have a better view of users and can streamline network configurations.

But those companies which force the groups together based on the latest products and new ideas will discover their patriotic professionals are not willing to give up their badges.

NAC doesn't require the latest state packet filtering, proxy deep inspecting, simulating, intrusion preventing unified threat management firewall
Consultancy Opus One senior partner Joel M Snyder said well-designed Network Access Controls (NACs) are tantamount to good security, and are a product of cooperation between security and network administrators.

"Cooperation can be difficult because security doesn't have any credibility in networking and vise-versa, so they have to put their differences behind them," Snyder said.

"The argument around blending the teams is based on perimeter security which is all about network integration.

"Sometimes you have to design a network in terms of security rather than the typical networking principles of reliable, fast and cheap. This might sound impossibly ridiculous, but if you need to change the network around a lot to enable good security, you will need cooperation."

Snyder said security professionals must review the entire network architecture, be aware of all connected users and control points before buying NAC gear. This should be done by running an Intrusion Detection System (IDS) and throughly analyzing all reports and logs.

"You can't make an NAC decision unless you know what is trying to gain access [and] you will almost always find something you didn't expect when you run an IDS properly."

Good security does not need to be expensive, according to Synder. Almost every business can save money by locating forgotten control points and integrating them into the managed security framework. This avoids purchasing unnecessary switches, routers and firewalls.

"NAC doesn't require the latest state packet filtering, proxy deep inspecting, simulating, intrusion preventing unified threat management firewall," he said.

Page:
More about: IPS, Opus One

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the Computerworld comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Whitepapers
Latest Stories
Community Comments
Whitepapers
All whitepapers
Sign up now to get free exclusive access to reports, research and invitation only events.
Featured Download
/downloads/product/205/divx-plus/

DivX Plus

Divx Plus 8 provides you with a Web Player which allows you to watch DivX, AVI and MKV videos in your web brower; you can ...

HP and IDG news, product videos and resources

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia