Traditionally, many IT specialists have seen networks as an open channel. They allow an infinite variety of devices to communicate, and the best networks make communication simple, free, and instantaneous -- like the air we breathe. Back in the early days of the Internet, shell accounts were free for the asking. Few people used passwords. It was an easy and altruistic era.
But that was a long time ago.
We have long since learned that we have to protect ourselves from the more aggressive Internet users, whether they act for nefarious purposes or contend that they are just trying to make us aware of our vulnerability. Firewalls, traffic filters, intrusion detection and prevention, and other security devices are now assumed components of a responsible network infrastructure. We feel protected from those external forces. The problem is that those forces have ways of getting inside our perimeter. So we need more protection.
This is where policy-based networking enters the fray. Comprising a range of technologies, including NAC (network access control), traffic analysis, filtering, and reporting, policy-based networks proactively address both organizational requirements and the realities of an unfriendly world. The goal of a well-designed policy-based network is to look free and open to all valid traffic, while coming across as a bit bucket to anything unauthorized.
In earlier NAC reviews, we began the process of differentiating approaches to policy-based network solutions even as the hype around NAC grew to a fever pitch. After all, the point is solving the business and security problems.
In this review and a series of upcoming companion reviews, we will look at the continually evolving world of NAC and policy-based networking. There is some confusion in terminology, since Cisco Network Admission Control (CNAC) is a Cisco-proprietary solution for network access control. We will be reviewing a wide range of NAC solutions (including CNAC), so all references to NAC refer to the more generic concept of controlling access to a network. For each review, we look at the product's ability to address a set of typical enterprise policies and distinguish the ways in which the product does that. As you read all of these articles, the key is to consider your requirements from within the universe of possible policies, especially in terms of the granularity of both the policies and their enforcement. You will also want to consider how you want to interact with the system and whether ease of policy creation, ease of policy modification, or reporting is your most vital requirement.
ConSentry LANShield Switch
The ConSentry LANShield Switch is available in both 24- and 48-port versions. The 24-port version includes 24 Gigabit Ethernet ports and two combo SFP (small form-factor pluggable) gigabit ports. The 48-port version includes 44 Gigabit Ethernet ports, four combo SFP gigabit ports, and two 10Gbps ports. Both switches have an option for PoE (power over Ethernet). Functionally, the two switches are identical, offering layer-2 and layer-3 policy control, thereby allowing customers to choose based on their connectivity requirements.
ConSentry also offers the LANShield Controller, a layer-2 device that is designed to sit between the edge and the enterprise network core. LANShield OS is common to the two device configurations.
System management comes via ConSentry InSight, element-management-style software designed to monitor and administer the infrastructure. With InSight, you set up your policies, adjust them when needed, and monitor the state of your devices and infrastructure using the extensive reporting (the best we've seen -- more about this later).
Policy setup and application
ConSentry designed its architecture to interact with back-end AAA (authentication, authorization, and accounting) servers, and its current systems are able to talk to Microsoft Active Directory Services, LDAP, or RADIUS. PAMs (pluggable authentication modules) allow the system to authenticate Linux, Mac, and Novell users as well. The switches are able to snoop the traffic to see authentication requests and responses, using the information discovered to determine identity and, thus, apply appropriate policies.
Setting up policies, then, starts with AAA infrastructure integration. Once installed, InSight allows you to see the registered users and groups, then create policies based on them. The policy editor is straightforward, much like a firewall filter editor, allowing you to assign policies of arbitrary granularity. For example, you can select the types of packets that are allowed for specific IP address ranges, types of device, or user groups. As with all policy-based networking, designing policies to reflect your requirements before creating them is vital. After policies are established, you can apply one or more policies to any group of users.