What is policy enforcement, and why should we care?
Computerworld - There's a new kid on the network security block, and it seems to have a lot of names.
Cisco Systems Inc. can't decide what to call it, sometimes using Network Admission Control and sometimes referring to Self-Defending Networks. Microsoft Corp. is using Network Access Protection.
These names, along with those chosen by niche players in the market -- Check Point Software Technologies Ltd. and its subsidiary, Zone Labs LLC, Endforce Inc. and InfoExpress Inc., among others -- all refer to a suddenly conspicuous technology most folks refer to as policy enforcement.
What's all the fuss about? Let's take a look.
Security administrators typically consider "authorization" in the context of user identities, which are verified via passwords or randomly generated codes or iris scans. Once identity has been validated, it's used to establish appropriate levels of access to computers, network resources and information. People with networking and Web server experience may go so far as to include certificates in their understanding of "authentication" and authorization, since IPsec and SSL/TLS both rely on certificates for validation of machine identities.
But authorization can be interpreted far more broadly. Possession being nine-tenths of the law, I can reasonably call myself an "authorized" driver of my car since I possess the car's title, and perhaps more importantly, the ignition key. In the early days of TCP/IP networking, an authorized network node could be defined operationally as "any machine with physical access to my Ethernet network," since the network implementations of the time required little more than plugging in a cable and maybe configuring an address or two to establish connectivity.
The advent of widespread wireless networking has made that informal, physical definition even more permissive, since cabling is no longer required to get online.
Most network architectures and operating systems still rely solely on relatively simple-minded identity-based mechanisms to grant access. As mentioned above, IPsec and other remote access technologies, SSL/TLS and 802.1x (in most currently shipping implementations) enable decisions based on user and host identity to grant network connectivity. These tools greatly increase enterprise security. They allow access decisions to be based on an endpoint's identification as a trusted participant in the organization, no matter where the endpoint is located. But we've learned the hard way that identity-based authorization isn't enough.
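The gap this paragraph describes, as an added example that is not from the article or from any vendor's product: a toy admission policy that, besides checking that the user authenticated, evaluates endpoint posture (patch level, antivirus state, host firewall) and places a logged-in but unhealthy host in a remediation quarantine instead of admitting it. The identity-only function next to it is the older model the article criticizes. All field names, thresholds, endpoint records and decision values are constructed for illustration.

```python
"""Added example (not from the Computerworld article): a toy network admission
policy that combines identity with an endpoint health check, to show why
identity alone is not enough. All endpoint records, thresholds and
enforcement actions below are constructed for illustration."""
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ADMIT = "admit"            # full network access
    QUARANTINE = "quarantine"  # remediation network only
    DENY = "deny"              # no access


@dataclass
class Endpoint:
    hostname: str
    user_authenticated: bool   # did the user pass the identity check?
    os_patch_level: int        # constructed: integer patch baseline number
    antivirus_running: bool
    signature_age_days: int    # age of the antivirus signature set
    host_firewall_on: bool


@dataclass
class Policy:
    min_patch_level: int = 12
    max_signature_age_days: int = 7
    require_host_firewall: bool = True


DEFAULT_POLICY = Policy()


def identity_only_decision(ep: Endpoint) -> Decision:
    """The pre-policy-enforcement model: logged in means admitted."""
    return Decision.ADMIT if ep.user_authenticated else Decision.DENY


def health_failures(ep: Endpoint, policy: Policy) -> list:
    """Return the names of the posture checks the endpoint fails."""
    failures = []
    if ep.os_patch_level < policy.min_patch_level:
        failures.append("os_patch_level")
    if not ep.antivirus_running:
        failures.append("antivirus_not_running")
    elif ep.signature_age_days > policy.max_signature_age_days:
        failures.append("antivirus_signatures_stale")
    if policy.require_host_firewall and not ep.host_firewall_on:
        failures.append("host_firewall_off")
    return failures


def admission_decision(ep: Endpoint, policy: Policy) -> tuple:
    """Identity first, then posture: unauthenticated hosts are denied,
    authenticated but unhealthy hosts are quarantined for remediation."""
    if not ep.user_authenticated:
        return Decision.DENY, ["not_authenticated"]
    failures = health_failures(ep, policy)
    if failures:
        return Decision.QUARANTINE, failures
    return Decision.ADMIT, []


# Constructed sample endpoints.
HEALTHY_LAPTOP = Endpoint("lt-alice", True, 14, True, 2, True)
UNPATCHED_LAPTOP = Endpoint("lt-bob", True, 9, False, 30, False)  # logged in, but unhealthy
GUEST = Endpoint("unknown-host", False, 14, True, 1, True)

if __name__ == "__main__":
    for ep in (HEALTHY_LAPTOP, UNPATCHED_LAPTOP, GUEST):
        old = identity_only_decision(ep)
        new, why = admission_decision(ep, DEFAULT_POLICY)
        print(f"{ep.hostname}: identity-only={old.value}, policy={new.value} {why}")
```

Run as a script, the unpatched laptop is admitted by the identity-only check and quarantined by the posture-aware one; the quarantine reasons are returned as data so the enforcement point can hand them to a remediation portal rather than just blocking.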
Identity-based authorization doesn't help much with a Blaster-infected laptop. Once that machine connects to your network, the infection will spread to whatever it can reach behind your firewall -- the fact that the user logged into the domain first usually doesn't protect you. In fact, in some situations user authentication makes