How to protect the network from the inside out
Computerworld - Most companies are prepared for threats to their networks from the outside world, but it's breaches of security from within the corporation that often pose the biggest concern in this post-Enron world of increased corporate governance.
In addition, IT managers must deal with both technical and human challenges to meet the security requirements of their companies, as well as the mandates of new legislation such as the Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act and the Gramm-Leach-Bliley Act.
When considering how to secure a network, it's important to take a holistic approach, from the physical layer to the application layer, with thorough security policies, appropriate authentication mechanisms and effective education of users to complement the technologies implemented within the network.
As such, a layered approach to network security allows the development of flexible, scalable security systems across the network, application and management levels to meet the needs of companies and ensure that they're in compliance with regulatory requirements.
The security-layering concept results in the ability to offer variable-depth security, where each additional security level builds upon the capabilities of the layer below, resulting in more stringent security moving up through the layers. This can help to protect organizations from security breaches that may come from within, as layering provides multiple measures of security controls.
The first layer: VLANs
At the first layer, basic network compartmentalization and segmentation can be provided by virtual LANs. This allows various business functions to be contained and segmented into private LANs with traffic from other VLAN segments strictly controlled or prohibited. Several benefits may be derived from the deployment of VLANs for small to midsize businesses across the company's multiple sites. These include the use of VLAN "tags," which allow the segregation of traffic into specific groups, such as finance, human resources and engineering, and the separation of data without "leakage" between VLANs as a required element for security.
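An added example (not part of the original article): a short Python audit that evaluates a first-match inter-VLAN rule list against the intended segmentation policy and reports flows that leak between groups, plus rules that can never match. The VLAN IDs, rule format, ports and intended policy are constructed assumptions for illustration.

```python
from itertools import permutations

# Constructed VLAN IDs for the business groups the article names.
VLANS = {"finance": 10, "hr": 20, "engineering": 30}

# Intended policy (assumption): inter-VLAN traffic is prohibited except these flows.
INTENDED = {("engineering", "finance", 443)}

# Constructed first-match rule list: (action, src, dst, port); "any" is a wildcard.
RULES = [
    ("permit", "engineering", "finance", 443),
    ("permit", "any", "hr", 445),      # too broad: every VLAN reaches HR file shares
    ("deny", "finance", "hr", 445),    # shadowed by the rule above, never matches
    ("deny", "any", "any", "any"),
]

def matches(field, value):
    return field == "any" or field == value

def evaluate(rules, src, dst, port):
    """Return (action, rule_index) of the first matching rule; implicit deny if none."""
    for i, (action, r_src, r_dst, r_port) in enumerate(rules):
        if matches(r_src, src) and matches(r_dst, dst) and matches(r_port, port):
            return action, i
    return "deny", None

def find_leaks(rules, vlans, intended, ports):
    """Flows between different VLANs that the rules permit but the policy does not."""
    leaks = []
    for src, dst in permutations(vlans, 2):
        for port in ports:
            action, idx = evaluate(rules, src, dst, port)
            if action == "permit" and (src, dst, port) not in intended:
                leaks.append((src, dst, port, idx))
    return leaks

def shadowed_rules(rules, vlans, ports):
    """Indexes of rules that never win first-match for any inter-VLAN flow tested."""
    hit = {evaluate(rules, s, d, p)[1] for s, d in permutations(vlans, 2) for p in ports}
    return [i for i in range(len(rules)) if i not in hit]

if __name__ == "__main__":
    for src, dst, port, idx in find_leaks(RULES, VLANS, INTENDED, [443, 445]):
        print(f"LEAK {src}({VLANS[src]}) -> {dst}({VLANS[dst]}) port {port} via rule {idx}")
    print("shadowed rules:", shadowed_rules(RULES, VLANS, [443, 445]))
```

Moving the specific deny above the broad permit, or narrowing the permit's source, closes the finance-to-HR leak; rerunning the audit after each rule change confirms it.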
The second layer: Firewalls
A second layer of security can be achieved through the use of perimeter defense and distributed firewall-filtering capabilities at strategic points within the network. The firewall layer allows the network to be further segmented into smaller areas and monitors and protects against harmful traffic originating from the public network. In addition, an authentication capability for incoming or outgoing users can be provided. The use of firewalls provides an extra layer of protection that's useful for access control. The application of policy-based access allows the customization of access based on business needs. The use of a distributed firewall approach affords the additional

