Ten tips for securing borderless networks
Published: 17 Oct 2007 16:51 BST
Company networks are undergoing so-called "deperimeterisation", as online collaboration with partners, customers, telecommuters and others outside the physical LAN becomes increasingly important to doing business.
At the same time, these users are able to connect to company resources with a wider variety of devices, including smartphones, BlackBerry devices and other types of handheld.
This is great in terms of access, but not so great in terms of security. The old security model is dependent on "border patrol" via firewalls, intrusion detection and prevention systems, DMZs and other perimeter protection methods. In the new, borderless network, the focus shifts to protection of the data itself.
Here are 10 technologies you should be looking at to help secure your borderless network.
1. Strong and multi-factor authentication
User authentication focuses on who is requesting access, rather than where they're located. But when users can access internal resources from anywhere, it becomes more important than ever to ensure the authentication process can't be circumvented.
Strong authentication methods include more than just providing a password; for example, a user might be required to answer multiple challenge questions before being given access to sensitive data.
Multi-factor authentication adds another element: the user must provide a card, token (something you have) or biometric identifier, such as a fingerprint or iris scan (something you are), as well as the "something you know" element of passwords and successful answers to questions.
Some companies, such as SafeNet, have developed entire security platforms targeted at protecting borderless networks.
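The two-factor check described in this section, as an added example that is not part of the original article: a password (something you know) is verified together with a one-time code from a token (something you have). It assumes the token implements RFC 6238 TOTP, which the article does not specify; the user record, salt and function names are constructed for the illustration.

```python
import hashlib
import hmac
import struct
import time

SALT = b"constructed-salt"  # constructed sample value
# Constructed enrolment record for a hypothetical user.
USER = {
    "pw_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000),
    "totp_secret": b"12345678901234567890",  # RFC 6238 test-vector secret
}

def totp(secret, at, step=30, digits=6):
    """One-time code for Unix time `at` (RFC 6238, HMAC-SHA1)."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def authenticate(user, password, code, used_steps, now=None, step=30):
    """Return True only when BOTH factors verify.

    used_steps is the per-user set of time steps already consumed, so a
    captured code cannot be replayed inside its validity window.
    """
    now = time.time() if now is None else now
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    knows = hmac.compare_digest(candidate, user["pw_hash"])

    matched = None
    for drift in (-1, 0, 1):  # tolerate one step of clock drift
        step_no = int(now) // step + drift
        if step_no < 0 or step_no in used_steps:
            continue
        expected = totp(user["totp_secret"], step_no * step, step)
        if hmac.compare_digest(expected.encode(), code.encode()):
            matched = step_no

    # Evaluate both factors before deciding, and report a single outcome so
    # the caller cannot tell which factor failed.
    if knows and matched is not None:
        used_steps.add(matched)
        return True
    return False
```

In a real deployment the `used_steps` set would be stored per user alongside the enrolment record, and failed attempts would be rate-limited.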
2. Cross-company identity management
Closely related to authentication is the dilemma of identity management. Identity-management systems tie particular people to particular accounts, names and attributes.
The problem with traditional identity management systems is that they work well within the borders of an organisation but not as well with users outside the organisation. That's where cross-organisation, or federated, identity management comes in.
A federated identity management (FIM) system allows partner companies to authenticate each other's users. Microsoft's Identity Integration Server (MIIS) and its successor, Identity Lifecycle Manager (ILM), are examples of products that can provide federation-wide identity management. Another option is RSA's Federated Identity Manager.
3. Host-based security software
A borderless network doesn't mean the firewall is dead; it's just moved.
In fact, most companies aren't doing away with their perimeter firewalls; we haven't become quite that deperimeterised yet. But when those borders aren't as tight as they used to be, it's a good idea to install host-based firewalls, antivirus and other security products to catch the threats that make it past the edge firewalls. This gives you a double dose of protection.
The latest versions of Windows client and server operating systems come with firewall and anti-spyware programs built in, and numerous third-party host-based products are available.
4. Application-level security
Application-level security is integrated into the user or business-application program and can provide cryptographic services, such as non-repudiation through digital signatures or selective field encryption.
This gives you good protection against "insider" attacks, which becomes even more important in the borderless network, where the lines between insider and outsider are blurred.
5. Policy-based integrity enforcement
When users are connecting to your internal resources from various locations via computers you don't control, it becomes especially important to ensure the integrity of those systems.
You want to be assured that they are running host-based security software (firewall, antivirus and so on) and have installed security updates to minimise...






