Network security has shifted focus substantially over the last few years. Whereas firewalls and intrusion detection technology were commonplace before, the modern requirement is for more advanced network management tools and intrusion prevention via exclusion policies rather than attempting to detect intrusions that have already occurred.
Ankcorn Fernihough, systems engineer for 3Com, believes that the modern security environment is an overlay on top of what was conventionally implemented and, as such, adds complexity to the security ecosystem. This is forcing a new approach to security.
“We are seeing advancements in security, not change per se,” he says. “Mobility is a big driver for this advancement; mobile workers must have access to IP-based systems.”
Fernihough explains that this is challenging the conventional view of firewall systems. With remote access coming to the fore, firewalls in the traditional sense no longer fulfil all of an organisation’s security needs.
“In the past firewalls would typically allow all packets entrance into the network and then there would be an attempt to analyse them via intrusion detection systems,” he says. “But effective security now relies on intrusion prevention, not just detection.”
He emphasises that network access control (NAC) systems have become an integral part of effective security platforms; this is particularly vital in terms of convergence.
“Mobile workers not only need remote access to the IP environment, but there is added complexity in what they are using the IP stack for,” explains Fernihough. “Voice and data is now traversing the IP network and access is required for a wide range of devices from telephony handsets to personal digital assistants and laptop computers.”
“Key to effectively managing all of these devices and their related traffic is assessing their readiness to be connected to the network,” he continues. “Tools are required that are able to ensure that policies are enforced before allowing devices to connect. For example, computers are analysed to ensure that their operating systems are up to date with the latest patches and that they have recently been scanned for viruses. Only then is the device allowed to connect.”
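The pre-admission check Fernihough describes (patch level and recent antivirus scan verified before a device is allowed onto the network) can be expressed as a small policy evaluator. The code below is an added illustration written for this article, not 3Com's product code; the device attributes, the policy thresholds and the sample devices are all constructed for the example, and the "quarantine" outcome stands in for whatever remediation network a real NAC deployment would use.

```python
"""Toy NAC posture evaluation (added example, not 3Com code): a device's
reported posture is checked against an access policy before it is admitted.
Non-compliant devices get a 'quarantine' decision plus the list of reasons,
which is what a remediation workflow or an operator would want to see."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class DevicePosture:
    """Posture facts an endpoint agent would report (fields are assumptions)."""
    device_id: str
    os_patch_level: date          # date of the newest installed OS patch
    last_av_scan: date            # date of the most recent antivirus scan
    av_signatures_current: bool   # is the signature set up to date?


@dataclass(frozen=True)
class AccessPolicy:
    """Admission policy (thresholds are constructed for the example)."""
    required_patch_level: date    # patches must be at least this recent
    max_scan_age_days: int        # antivirus scan must be younger than this
    require_current_signatures: bool = True


def posture_failures(device: DevicePosture, policy: AccessPolicy,
                     today: date) -> list[str]:
    """Return every policy rule the device fails (empty list = compliant).
    All rules are evaluated rather than stopping at the first failure so the
    remediation side sees the full picture."""
    failures: list[str] = []
    if device.os_patch_level < policy.required_patch_level:
        failures.append(
            f"os patch level {device.os_patch_level} is older than the "
            f"required {policy.required_patch_level}")
    scan_age = today - device.last_av_scan
    if scan_age > timedelta(days=policy.max_scan_age_days):
        failures.append(
            f"last antivirus scan is {scan_age.days} days old "
            f"(limit {policy.max_scan_age_days})")
    if policy.require_current_signatures and not device.av_signatures_current:
        failures.append("antivirus signatures are out of date")
    return failures


def access_decision(device: DevicePosture, policy: AccessPolicy,
                    today: date) -> tuple[str, list[str]]:
    """Decide 'allow' or 'quarantine' for one device, with the reasons."""
    failures = posture_failures(device, policy, today)
    return ("allow" if not failures else "quarantine", failures)


def admission_report(devices: list[DevicePosture], policy: AccessPolicy,
                     today: date) -> dict[str, str]:
    """Map each device id to its admission decision."""
    return {d.device_id: access_decision(d, policy, today)[0] for d in devices}


# Constructed sample data: one compliant laptop, one with stale patches,
# one handheld with an old scan and outdated signatures.
POLICY = AccessPolicy(required_patch_level=date(2024, 3, 1), max_scan_age_days=7)
TODAY = date(2024, 3, 15)
SAMPLE_DEVICES = [
    DevicePosture("laptop-01", date(2024, 3, 10), date(2024, 3, 14), True),
    DevicePosture("laptop-02", date(2024, 1, 20), date(2024, 3, 14), True),
    DevicePosture("pda-07", date(2024, 3, 5), date(2024, 2, 1), False),
]

if __name__ == "__main__":
    for dev in SAMPLE_DEVICES:
        decision, reasons = access_decision(dev, POLICY, TODAY)
        print(f"{dev.device_id}: {decision}")
        for reason in reasons:
            print(f"    - {reason}")
```

The evaluator is deliberately date-driven and takes `today` as a parameter so the same posture report gives the same answer in a test as in production; in a real deployment the posture facts would come from an endpoint agent or an authenticated scan rather than from a dataclass the client fills in itself, since a self-reported "I am patched" is exactly the claim the check exists to verify.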
“If you have a vulnerability on your network, then you need to know where it is.”
He says that 3Com prefers using the term ‘Network Access Management’ as this provides a better indication of what the technology aims to achieve.
Going forward, Fernihough predicts that training will increasingly become a prerequisite, given the high skill requirements of modern devices and the networks that accommodate them.
“I also think that security being outsourced creates a big vulnerability on a network. You need someone skilled to handle internal security for the organisation. Five years ago network security was not a major concern. If you signed a security policy five years ago, that policy does not apply today because there are more threats rampant in the market.
“This is where you need something that can do deep packet inspection and not detection and where a security specialist is required who needs to keep the organisation up to date in all aspects.”
Increased complexity is driving exclusionary policies into the networking fray and demanding comprehensive management systems. Firewalls and detection systems are not being replaced, but rather being supplemented with these new technologies.