Security breaches, with the resulting loss of productivity and of access to confidential data, cost enterprises millions, but the security imperative goes beyond these financial incentives.
When the effects of security breaches extend beyond individual enterprises to entire industries or further, government is forced to step in, with the Sarbanes-Oxley Act; the Patriot Act; industry-specific regulations such as the Gramm-Leach-Bliley Act for the financial industry and the Health Insurance Portability and Accountability Act (HIPAA) for health care; and security-related regulations outside the U.S., such as the Data Protection Directive in the EU.
Each of these government directives is grounded in historical events and precedent, and each is designed to benefit the community to which it applies. Nonetheless, each places an additional burden on the enterprises that must abide by it. Together they have wide-ranging impact on security, including requirements for encryption, disaster recovery and business continuity, archiving, and consumer privacy. Failure to comply can bring civil and criminal penalties.
Policy, Processes, and People
A properly designed and implemented security policy must clearly identify the enterprise resources that are at risk and the threat-mitigation measures, procedural or technical, that follow from that risk. People and processes refer to the enforcement of security policies that address not only technical considerations but also the business and human aspects of security. The objectives are clear: keep the bad guys out, make it easier for the good guys, and provide clear situational awareness for proactive defense.
Baseline Security Establishes a Sound Foundation
Every device that provides network services (switches, routers, communication servers) or uses them (desktop or mobile devices) needs to be secured, at least to a basic level. For example, the integrity of each device's operating software and configuration data needs to be protected. End devices should run personal firewalls and anti-virus software; for network devices, administrator authentication and authorization and the securing of remote management sessions are critical.
Layered Defense Approach to Network-Level Security
A layered defense approach to security is designed to ensure there is no single point of security failure in a network. This is accomplished by applying several different security enforcement mechanisms in different parts of the network. The approach is further strengthened by systems that combine security capabilities and products from best-of-breed security vendors; built on open, standards-based technologies, it allows straightforward integration and simpler operations, which lower the total cost of ownership of network security. Intrinsic to layered defense is closed-loop policy management: configuration management of network devices, enforcement of policies in the network, and verification of network behavior through audit trails. These functions run as a closed feedback loop so that policies are continually refined for maximum security.
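As an added illustration (not code from the article or from Nortel), the following Python script applies the closed loop just described, together with the device-integrity point from the baseline section, to one hypothetical switch: a golden configuration and a short list of hardening rules are the policy, the configuration pulled from the device is the evidence, and the resulting diff plus the rule failures form the audit record. The device name, the IOS-style configuration lines, the rule list and the drift in the running configuration are all constructed for the example; a real deployment would pull the running configuration from the device over its secured management channel.

```python
"""Configuration-baseline check for a network device (added example, constructed data).

Policy  = golden configuration + hardening rules.
Evidence = running configuration pulled from the device.
Audit   = drift lines and failed rules, plus a fingerprint of the approved baseline.
"""
import difflib
import hashlib
import re

# Approved configuration for a hypothetical access switch (constructed sample).
GOLDEN_CONFIG = """\
hostname access-sw-01
aaa new-model
aaa authentication login default group tacacs+ local
ip ssh version 2
no ip http server
line vty 0 4
 transport input ssh
 exec-timeout 10 0
logging host 10.0.0.5
"""

# Running configuration as read back from the device (constructed sample showing drift:
# the HTTP server has been enabled and telnet has been added to the VTY lines).
RUNNING_CONFIG = """\
hostname access-sw-01
aaa new-model
aaa authentication login default group tacacs+ local
ip ssh version 2
ip http server
line vty 0 4
 transport input ssh telnet
 exec-timeout 10 0
logging host 10.0.0.5
"""

# Hardening rules: (description, regex matched against each line, must_be_present).
HARDENING_RULES = [
    ("AAA enabled", r"^aaa new-model$", True),
    ("SSH v2 only", r"^ip ssh version 2$", True),
    ("HTTP server disabled", r"^ip http server$", False),
    ("VTY accepts SSH only", r"^\s*transport input ssh$", True),
    ("Remote syslog configured", r"^logging host \S+$", True),
]


def config_fingerprint(config: str) -> str:
    """SHA-256 over the whitespace-normalised config. Storing this with the baseline
    makes any later change to the approved configuration itself auditable."""
    normalised = "\n".join(line.rstrip() for line in config.strip().splitlines())
    return hashlib.sha256(normalised.encode()).hexdigest()


def check_rules(config: str):
    """Evaluate every hardening rule; returns [(description, passed), ...]."""
    lines = config.splitlines()
    results = []
    for desc, pattern, must_be_present in HARDENING_RULES:
        present = any(re.match(pattern, line) for line in lines)
        results.append((desc, present == must_be_present))
    return results


def config_drift(golden: str, running: str):
    """Unified diff between golden and running config: the audit-trail entry."""
    return list(difflib.unified_diff(golden.splitlines(), running.splitlines(),
                                     fromfile="golden", tofile="running", lineterm=""))


def audit(golden: str, running: str) -> dict:
    """Verification step of the closed loop: fingerprint match, drift lines, failed rules."""
    drift = [line for line in config_drift(golden, running)
             if line.startswith(("+", "-")) and not line.startswith(("+++", "---"))]
    failed = [desc for desc, passed in check_rules(running) if not passed]
    return {
        "fingerprint_matches": config_fingerprint(golden) == config_fingerprint(running),
        "drift_lines": drift,
        "failed_rules": failed,
    }


if __name__ == "__main__":
    report = audit(GOLDEN_CONFIG, RUNNING_CONFIG)
    print("fingerprint matches:", report["fingerprint_matches"])
    for line in report["drift_lines"]:
        print("drift:", line)
    for rule in report["failed_rules"]:
        print("FAILED:", rule)
```

The rule check and the diff answer different questions: the diff says whether anything changed relative to the approved baseline, while the rules say whether the device is still within policy even if the baseline itself was updated. Feeding the failed rules back into the policy (for example, adding a rule for a class of drift seen repeatedly) is the refinement step of the loop.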
As employees, business partners, and customers make more use of the enterprise network to meet their business objectives, enterprises need more control over the endpoints used to access it. The goal of endpoint security is to establish a valid user identity and to verify that the device complies with security policy (e.g., that it runs up-to-date anti-virus software). Because so many threats now originate with internal network users, this must cover wired and wireless endpoints within the network as well as those at remote sites, where there is less control over users' devices.
Perimeter security, the second key element of layered defense, can be applied at internal perimeters, at the external edge of the network (the DMZ), around data centers, around secure multimedia zones that protect multimedia and IP Telephony call servers, and even around a single critical user. Perimeter security establishes effective and efficient secure network zone boundaries, allowing businesses to protect information assets without losing business agility. The tools of the trade include sophisticated stateful packet-filtering firewalls and application firewalls, which perform deep packet inspection to detect and block attacks that directly target applications. They also include VPN routers and gateways, which provide firewall functions as well as SSL and IPsec VPN support for remote offices and users. First-line attack protection systems guard the perimeter against network-killing attacks (e.g., high-volume DoS, virus, and worm attacks) and add application delivery capabilities such as load balancing and bandwidth management.
Keeping watch for malicious software and traffic anomalies, enforcing network policy, and enabling survivability is the role of core network security in a layered defense. It is also a key enabler of situational awareness and of evolving a security architecture toward more autonomic operation. Continually monitoring the network for malicious activity ensures that if an attack slips through the other layers, the network will still detect it and act to block the attack and preserve service.
Application Security: Protecting Information in Transit
Protecting corporate and customer information from unauthorized discovery, eavesdropping, or misappropriation, whether stored or in transit across networks, is an important element of the layered defense approach. IPsec provides cryptographic protection at the network layer (OSI Layer 3); Web traffic is secured with Secure Sockets Layer (SSL) and its successor TLS (Transport Layer Security), which sit above the transport layer, on top of TCP, and have the added benefit of requiring no client software beyond the browser. Given that unified networks carry voice, data, and video, when and where to protect this traffic is a major consideration. Real-time traffic can be protected with these same mechanisms, or with TLS to encrypt the signaling between endpoints and the call server and SRTP (Secure Real-time Transport Protocol) to encrypt the voice or video media itself on an end-to-end basis.
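As an added example (not code from the article or from Nortel), the following Python sketch shows what SRTP protects in a media packet and what it deliberately leaves readable: the 12-byte RTP header stays in the clear so the network can still identify and prioritise the stream, the payload is encrypted, and an 80-bit HMAC-SHA1 tag over header, ciphertext and rollover counter lets the receiver reject tampered packets, while a 64-packet sliding window rejects replays; the tag length, the packet index (ROC * 2^16 + SEQ) and the replay-before-authentication order follow the RFC 3711 defaults. Three simplifications are assumptions for the example: the session keys are taken as already derived, the payload keystream comes from HMAC-SHA256 in counter mode as a stand-in for the RFC's AES counter mode, and the receiver assumes the rollover counter stays at 0 (a session shorter than 65,536 packets). The keys, SSRC and voice frames are constructed.

```python
"""SRTP-style protection of RTP packets: what is encrypted, what stays in the clear,
and how tampering and replay are rejected (added example, constructed data)."""
import hashlib
import hmac
import struct

AUTH_TAG_LEN = 10    # 80-bit HMAC-SHA1 tag, the RFC 3711 default
REPLAY_WINDOW = 64   # minimum replay-window size required by RFC 3711
RTP_HEADER_LEN = 12


def build_rtp_header(seq: int, timestamp: int, ssrc: int, pt: int = 0) -> bytes:
    """Minimal RTP header: V=2, no padding, no extension, no CSRCs."""
    return struct.pack("!BBHII", 0x80, pt, seq, timestamp, ssrc)


def keystream(enc_key: bytes, ssrc: int, index: int, length: int) -> bytes:
    """Stand-in for the RFC's AES counter mode (assumption: the standard library has no AES).
    Keyed per SSRC and packet index so no keystream block is ever reused."""
    out, block = bytearray(), 0
    while len(out) < length:
        out += hmac.new(enc_key, struct.pack("!IQI", ssrc, index, block), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def auth_tag(auth_key: bytes, header: bytes, ciphertext: bytes, roc: int) -> bytes:
    """Tag over header || ciphertext || ROC, truncated to 80 bits."""
    mac = hmac.new(auth_key, header + ciphertext + struct.pack("!I", roc), hashlib.sha1)
    return mac.digest()[:AUTH_TAG_LEN]


def protect(enc_key: bytes, auth_key: bytes, roc: int, header: bytes, payload: bytes) -> bytes:
    """Sender side: header stays in the clear, payload is encrypted, tag is appended."""
    _, _, seq, _, ssrc = struct.unpack("!BBHII", header)
    index = (roc << 16) | seq
    ks = keystream(enc_key, ssrc, index, len(payload))
    ciphertext = bytes(p ^ k for p, k in zip(payload, ks))
    return header + ciphertext + auth_tag(auth_key, header, ciphertext, roc)


class SrtpReceiver:
    """Receiver with the replay check before authentication, as RFC 3711 orders the steps.
    Assumption: the session stays below 2^16 packets, so the rollover counter is 0."""

    def __init__(self, enc_key: bytes, auth_key: bytes):
        self.enc_key, self.auth_key, self.roc = enc_key, auth_key, 0
        self.highest = None   # highest packet index accepted so far
        self.seen = set()     # accepted indices still inside the replay window

    def unprotect(self, packet: bytes) -> bytes:
        if len(packet) < RTP_HEADER_LEN + AUTH_TAG_LEN:
            raise ValueError("short packet")
        header = packet[:RTP_HEADER_LEN]
        body, tag = packet[RTP_HEADER_LEN:-AUTH_TAG_LEN], packet[-AUTH_TAG_LEN:]
        _, _, seq, _, ssrc = struct.unpack("!BBHII", header)
        index = (self.roc << 16) | seq
        if self.highest is not None and (index in self.seen or index <= self.highest - REPLAY_WINDOW):
            raise ValueError("replayed packet")
        if not hmac.compare_digest(tag, auth_tag(self.auth_key, header, body, self.roc)):
            raise ValueError("authentication failed")
        ks = keystream(self.enc_key, ssrc, index, len(body))
        payload = bytes(c ^ k for c, k in zip(body, ks))
        self.seen.add(index)   # only authenticated packets enter the replay list
        if self.highest is None or index > self.highest:
            self.highest = index
            self.seen = {i for i in self.seen if i > index - REPLAY_WINDOW}
        return payload


def demo() -> dict:
    """Round-trip three constructed voice frames, then a tampered and a replayed packet."""
    enc_key, auth_key = b"\x11" * 16, b"\x22" * 20   # session keys assumed already derived
    rx = SrtpReceiver(enc_key, auth_key)
    packets = [protect(enc_key, auth_key, 0, build_rtp_header(1000 + n, 160 * n, 0xDEADBEEF),
                       b"voice-frame-%d" % n) for n in range(3)]
    result = {"plaintext": [rx.unprotect(p) for p in packets]}
    # sequence number and SSRC are readable on the wire without any key
    _, _, seq, _, ssrc = struct.unpack("!BBHII", packets[0][:RTP_HEADER_LEN])
    result["visible"] = (seq, ssrc)
    tampered = bytearray(protect(enc_key, auth_key, 0, build_rtp_header(1003, 480, 0xDEADBEEF), b"x"))
    tampered[RTP_HEADER_LEN] ^= 0x01   # flip one payload bit in transit
    for name, pkt in (("tamper", bytes(tampered)), ("replay", packets[0])):
        try:
            rx.unprotect(pkt)
            result[name] = "accepted"
        except ValueError as exc:
            result[name] = str(exc)
    return result


if __name__ == "__main__":
    print(demo())
```

The contrast with IPsec is the point: an IPsec tunnel would hide the RTP header too, which is stronger against traffic analysis but prevents intermediate devices from applying voice-specific QoS, whereas SRTP is designed for end-to-end media protection that the network can still see around.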
It all boils down to the true value of a unified security framework: it allows enterprises to develop and enforce risk-optimized security policies across increasingly converged environments, and to address process and technical considerations as well as regulatory mandates, in order to protect data integrity and confidentiality.
Tony Rybczynski is Director of Strategic Enterprise Technologies at Nortel. He has over 30 years experience in the application of packet network technology. Phil Edholm is the Nortel CTO & VP Network Architecture - Enterprise and is responsible for vision and architectural directions. For more information, please visit www.nortel.com.