Get the NAC of good security through teamwork

Network and security pros can learn from each other

Savvy IT shops that encourage overlap between security and network administration have averted the war ignited by recent efforts to merge the two groups.

Businesses that integrate security with networking produce more effective security measures, have a better view of users and can streamline network configurations.

But companies that force the groups together based on the latest products and new ideas will discover their patriotic professionals are not willing to give up their badges.

Consultancy Opus One senior partner Joel M Snyder said well-designed Network Access Controls (NACs) are tantamount to good security, and are a product of cooperation between security and network administrators.

"Cooperation can be difficult because security doesn't have any credibility in networking and vice versa, so they have to put their differences behind them," Snyder said.

"The argument around blending the teams is based on perimeter security which is all about network integration.

"Sometimes you have to design a network in terms of security rather than the typical networking principles of reliable, fast and cheap. This might sound impossibly ridiculous, but if you need to change the network around a lot to enable good security, you will need cooperation."

Snyder said security professionals must review the entire network architecture, and be aware of all connected users and control points, before buying NAC gear. This should be done by running an Intrusion Detection System (IDS) and thoroughly analyzing all reports and logs.

"You can't make an NAC decision unless you know what is trying to gain access [and] you will almost always find something you didn't expect when you run an IDS properly."

Good security does not need to be expensive, according to Snyder. Almost every business can save money by locating forgotten control points and integrating them into the managed security framework. This avoids purchasing unnecessary switches, routers and firewalls.

"NAC doesn't require the latest state packet filtering, proxy deep inspecting, simulating, intrusion preventing unified threat management firewall," he said.
