Network Security Across the Enterprise – Stop Gap Measures to Help You Protect Your Network

Today’s business networks consist of numerous remote access connections from employees and outsourcing firms. Too often, the inherent security risks arising from these connections outside the network are overlooked. Continuous improvements have been made that can enhance security in today’s network infrastructure; focusing on the users accessing the network externally and monitoring access endpoints are critical for businesses to protect their digital assets.

Installing the correct software for the specific needs of your IT infrastructure is essential to having the best security protection possible. Many companies install “off the shelf” security software and assume they are protected. Unfortunately, that is not the case due to the nature of today’s network threats. Threats are diverse in nature, including the usual spam, spyware, viruses, trojans, worms, and the occasional possibility that a hacker has targeted your servers.

The proper security solution for your organization will neutralize virtually all of these threats to your network. Too often, with only a software package installed, network administrators spend a lot of their time at the perimeter of the network defending its integrity by manually fending off attacks and then manually patching the security breach.

Paying network administrators to defend the integrity of your network is an expensive proposition – much more so than installing the proper security solution that your network requires. Network administrators have many other responsibilities that need their attention. Part of their job is to make your business operate more efficiently – they can’t focus on this if they have to manually defend the network infrastructure all the time.

Another threat that must be considered is the threat occurring from within the perimeter, in other words, an employee. Sensitive proprietary information is most often stolen by someone on the payroll. A proper network security solution must guard against these kinds of attacks also. Network administrators definitely have their role in this area by creating security policies and strictly enforcing them.

A smart strategy to give your network the protection it needs against the various security threats is a layered security approach. Layered security is a customized approach to your network’s specific requirements utilizing both hardware and software solutions. Once the hardware and software are working simultaneously to protect your company, both are able to instantaneously update their capabilities to handle the latest in security threats.

Security software can be configured to update multiple times a day if need be; hardware updates usually consist of firmware upgrades and an update wizard much like that present within the software application.

All-in-one Security Suites

A multi-pronged strategy should be implemented to combat the multiple sources of security threats in today’s corporate networks. Too often, the sources of these threats overlap, with Trojans arriving in spam or spyware hidden within a software installation. Combating these threats requires the use of firewalls, anti-spyware, anti-malware and anti-spam protection.

Recently, the trend in the software industry has been to combine these previously separate security applications into an all-encompassing security suite. Security applications standard on corporate networks are integrating into security suites that focus on a common goal. These security suites contain antivirus, anti-spyware, anti-spam, and firewall protection all packaged together in one application. Searching out the best stand-alone applications in each security risk category is still an option, but no longer a necessity.

The all-in-one security suite will save a company money in reduced software purchasing costs and time with the ease of integrated management of the various threat sources.

Trusted Platform Module (TPM)

A TPM is a standard developed by the Trusted Computing Group defining hardware specifications that generate encryption keys. TPM chips not only guard against intrusion attempts and software attacks but also physical theft of the device containing the chip. TPM chips work as a complement to user authentication to enhance the authentication process.

Authentication describes all processes involved in determining whether a user granted access to the corporate network is, in fact, who that user claims to be. Authentication is most often granted through use of a password, but other techniques involve biometrics that uniquely identify a user by identifying a unique trait no other person has such as a fingerprint or characteristics of the eye cornea.

Today, TPM chips are often integrated into standard desktop and laptop motherboards. Intel began integrating TPM chips into its motherboards in 2003, as did other motherboard manufacturers. Whether or not a motherboard has this chip will be contained within the specifications of that motherboard.

These chips encrypt data on the local level, providing enhanced security at a remote location such as the WiFi hotspot full of innocent looking computer-users who may be bored hackers with malicious intent. Microsoft’s Ultimate and Enterprise versions of the Vista Operating System utilize this technology within the BitLocker Drive Encryption feature.

While Vista does provide support for TPM technology, the chips are not dependent upon any platform to function.

TPM has the same functionality on Linux as it does within the Windows operating system. There are even specifications from Trusted Computing Group for mobile devices such as PDAs and cell phones.

To use TPM enhanced security, network users only need to download the security policy to their desktop machine and run a setup wizard that will create a set of encryption keys for that computer. Following these simple steps significantly improves security for the remote computer user.

Admission Based on User Identity

Establishing a user’s identity depends upon successfully passing the authentication processes. As previously mentioned, user authentication can involve much more than a user name and password. Besides the emerging biometrics technology for user authentication, smart cards and security tokens are another method that enhances the user name/password authentication process.

The use of smart cards or security tokens adds a hardware layer requirement to the authentication process. This creates a two-tier security requirement, one a secret password and the other a hardware requirement that the secure system must recognize before granting access.

Tokens and smart cards operate in essentially the same fashion but have a different appearance. Tokens take on the appearance of a flash drive and connect through a USB port, while smart cards require special hardware, a smart card reader, that connects to the desktop or laptop computer. Smart cards often take on the appearance of an identification badge and may contain a photo of the employee.

However authentication is verified, once this happens a user should be granted access through a secure virtual network (VLAN) connection. A VLAN establishes connections to the remote user as if that person was a part of the internal network and allows for all VLAN users to be grouped together within distinct security policies.

Remote users connecting through a VLAN should only have access to essential network resources and how those resources can be copied or modified should be carefully monitored.

Specifications established by the Institute of Electrical and Electronics Engineers (IEEE) have resulted in what is known as the secure VLAN (S-VLAN) architecture. Also commonly referred to as tag-based VLAN, the standard is known as 802.1Q. It enhances VLAN security by adding an extra tag within media access control (MAC) addresses that identify network adapter hardware within a network. This method will prevent unidentified MAC addresses from accessing the network.

Network Segmentation

This concept, working hand-in-hand with VLAN connections, determines what resources a user can access remotely using policy enforcement points (PEPs) to enforce the security policy throughout the network segments. Furthermore, the VLAN, or S-VLAN, can be treated as a separate segment with its own PEP requirements.

PEP works with a user’s authentication to enforce the network security policy. All users connecting to the network must be guaranteed by the PEP that they meet the security policy requirements contained within the PEP. The PEP determines what network resources a user can access, and how these resources can be modified.

The PEP for VLAN connections should be enhanced from what the same user can do with the resources internally. This can be accomplished through network segmentation simply by defining the VLAN connections as a separate segment and enforcing a uniform security policy across that segment. Defining a policy in this manner can also define what internal network segments the client can access from a remote location.

Keeping VLAN connections as a separate segment also isolates security breaches to that segment if one were to occur. This keeps the security breach from spreading throughout the corporate network. Enhancing network security even further, a VLAN segment could be handled by its own virtualized environment, thus isolating all remote connections within the corporate network.
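As an added illustration (not part of the original article), the Python example below reads the 4-byte 802.1Q tag that follows the source MAC address in an Ethernet frame and then applies a default-deny PEP check per segment, with the remote segment permitted less than the internal one. The VLAN IDs, MAC addresses, resource names and the POLICY table are assumptions made up for the example, and the frames are constructed sample data.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value announcing an 802.1Q tag

# Hypothetical policy (assumption, not from the article):
# VLAN ID -> segment name, enrolled adapter MACs, resource -> permitted actions.
POLICY = {
    10: {"segment": "internal",
         "macs": {"02:00:00:00:00:10"},
         "allow": {"fileserver": {"read", "copy", "modify"}, "intranet": {"read"}}},
    40: {"segment": "remote",
         "macs": {"02:00:00:00:00:aa"},
         "allow": {"fileserver": {"read"}, "intranet": {"read"}}},
}

def parse_vlan(frame: bytes):
    """Return (source MAC, VLAN ID) for a raw Ethernet frame; VLAN ID is None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    src_mac = frame[6:12].hex(":")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return src_mac, None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return src_mac, tci & 0x0FFF  # low 12 bits of the TCI are the VLAN ID

def pep_decide(frame: bytes, resource: str, action: str):
    """Default-deny decision for one request: returns (allowed, reason)."""
    try:
        src_mac, vlan_id = parse_vlan(frame)
    except ValueError as exc:
        return False, f"malformed frame: {exc}"
    if vlan_id is None:
        return False, "untagged frame"
    rule = POLICY.get(vlan_id)
    if rule is None:
        return False, f"unknown VLAN {vlan_id}"
    if src_mac not in rule["macs"]:
        return False, f"unidentified MAC {src_mac} on {rule['segment']}"
    if action not in rule["allow"].get(resource, set()):
        return False, f"{action} on {resource} not permitted for {rule['segment']}"
    return True, f"{rule['segment']} may {action} {resource}"

def build_frame(src_mac: str, vlan_id=None) -> bytes:
    """Construct a sample frame (constructed data: IPv4 EtherType, zero payload)."""
    dst = bytes.fromhex("020000000001")
    src = bytes.fromhex(src_mac.replace(":", ""))
    tag = b"" if vlan_id is None else struct.pack("!HH", TPID_8021Q, vlan_id & 0x0FFF)
    return dst + src + tag + struct.pack("!H", 0x0800) + bytes(46)

if __name__ == "__main__":
    samples = [
        ("02:00:00:00:00:aa", 40, "intranet", "read"),
        ("02:00:00:00:00:aa", 40, "fileserver", "modify"),
        ("02:00:00:00:00:bb", 40, "intranet", "read"),
        ("02:00:00:00:00:aa", None, "intranet", "read"),
    ]
    for mac, vlan, resource, action in samples:
        print(mac, vlan, resource, action, pep_decide(build_frame(mac, vlan), resource, action))
```
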

Centralized Security Policy Management

Technology hardware and software targeting the different facets of security threats create multiple software platforms that all must be separately managed. If done incorrectly, this can create a daunting task for network administration and can increase staffing costs due to the increased time requirements to manage the technologies (whether they be hardware and/or software).

Integrated security software suites centralize the security policy by combining all security threat attacks into one application, thus requiring only one management console for administration purposes.

Depending on the type of business you’re in, a security policy should be used corporate-wide that is all-encompassing for the entire network. Administrators and management can define the security policy separately, but one overriding definition of the policy needs to be maintained so that it is uniform across the corporate network. This ensures there are no other security procedures working against the centralized policy and limiting what the policy was defined to implement.

Not only does a centralized security policy become easier to manage, but it also reduces strain on network resources. Multiple security policies defined by different applications focusing on one security threat can aggregately hog much more bandwidth than a centralized security policy contained within an all-encompassing security suite. With all the threats coming from the Web, ease of management and application is essential to maintaining any corporate security policy.

Frequently Asked Questions:

1. I trust my employees. Why should I enhance network security?

Even the most trusted employees can pose a risk of a network security breach. It is important that employees follow established company security standards. Enhancing security will guard against lapsing employees and the occasional disgruntled employee seeking to cause damage to the network.

2. Do these innovations really create a secure environment for remote access?

Yes they do. These enhancements not only greatly enhance a secure VLAN connection but they also use widely accepted standards that are often integrated into common hardware and software. It’s there, your company only needs to start using the technology.

3. My company is happy with using separate software, that way each application can focus on a separate security threat. Why should I consider an all-in-one security suite?

Many of the popular software applications commonly used by businesses have expanded their focus to identify all security threats. This includes solutions from both software and hardware appliance technology manufacturers. Many of these firms saw the need to consolidate security early on and purchased smaller software firms to gain the knowledge their firm was lacking. A security suite at the application level will make management much easier, and your IT staff will thank you for it.

4. Do I need to add a hardware requirement to the authentication process?

Requiring the use of security tokens or smart cards should be considered for employees accessing the company network from a remote site. Particularly if that employee needs to access sensitive company information while on the road, a simple flash drive secure token prevents a thief from accessing that sensitive data on a stolen laptop.

5. With all this concern about WiFi hotspots should employees be required not to use these locations to connect to the company network?

WiFi hotspots have sprung up nationwide and present the easiest method for your remote employees to access the Internet. Unfortunately, hotspots can also be full of bored, unemployed hackers who have nothing better to do than find a way to intercept a busy employee’s transmissions at the next table. That’s not to say employees on the road should avoid hotspots. That would severely limit them from accessing the network at all. With technologies like S-VLAN and secure authentication in place, a business can implement technologies to reduce threats both now and in the future.

Implementing the latest network security technologies is a high priority for IT Management. In today’s network environment with many users accessing your digital assets remotely, it’s critical to get your network security correct during the planning phase of the integration process.

Obviously, it should be noted that most large companies have multiple operating systems running (Windows, Mac O/S, etc) and that for many of these companies all-in-one security suites face certain challenges in a mixed operating system environment.

That is why I stress that you consider having layered security (both hardware and software) and don’t simply rely on software applications to protect your digital assets. As technology changes so do the opportunities for security breaches.

As these security threats become more sophisticated, hardware and software developers will continue to innovate, and it’s essential that businesses keep up with and implement these technologies.

Enterprise 2.0 – A Way to Innovate

The world today is undergoing rapid changes. The traditional way of doing business no longer holds importance. As the Great Recession fades away, a new business environment is emerging which poses new challenges to organisations. Business has become a matter of survival. Those who will not change with time will be thrown out of this new landscape. As per this year’s Bloomberg/Business Week/Boston Consulting Group (BCG) annual survey of top executives, eighty three percent of the executives surveyed said innovation will play a major role in benefiting from the recovery. So, businesses are trying to innovate more and more to stay ahead of the competition.

Earlier, organisations had pre-defined innovating team consisting of engineers, researchers etc. But under the changed circumstances, they no longer want to have a limited team for innovation. They now have a broader view on this topic and they invite ideas from every corner of the world. There are many organisations which have already adopted this philosophy e.g. Procter & Gamble which applied open-innovation strategy through its website. It not only shows what it knows & what it can do, but also publicizes what it needs. P&G is looking for & inviting new ideas from everybody and about anything from the way they do marketing to the way the organisation functions as a whole. It has recently bought a new technology for an antimicrobial product from a company that submitted its proposal through P&G’s website. So, we see how P&G innovated to bring customers, partners and employees under same umbrella of their website. One of the ways to innovate is to adapt to new technologies. Today, technology has the power of making new industries and breaking existing industries. Some years ago when e-mail technology arrived, most of the companies adopted it to increase collaboration and help its workforce to do the work more rapidly. People also adopted it comfortably in their personal and professional life. But as the environment around the companies is getting more complex, they need new technologies combined with innovation to increase the collaboration.

The organisations are trying to bring in the power of Web 2.0 tools and social software platforms which enable people to collaborate and/or form online communities into enterprises to create – Enterprise 2.0. It is a term coined for the Web 2.0 technologies that liberate employees from the constraints of using earlier communication tools like e-mail. It is a web of inter-connected services and applications which provides managers with the right information at right time. It provides organisations with a competitive advantage in terms of innovation & productivity. The new Web 2.0 technologies are not just for socializing like Facebook, Twitter etc., but if applied in a proper manner can help organisation in solving severe problems, capturing fast changing knowledge, leveraging expertise, generating and refining ideas and harnessing the wisdom of the crowds. The web 2.0 can be used to improve communication, cooperation, collaboration and connections which has been called the 4Cs of social software by Niall Cook in his book titled – Enterprise 2.0 – How social software will change the future of work. It can help organisation in making information exchange and collaboration among its employees and among its partner network more simple and agile, keeping the organisation ahead of the competition.

According to a study conducted by IBM in 2010 named – Working beyond borders, most of the surveyed Chief Human Resource Officers said that they need to better capitalize on collective intelligence of their organization. The study also shows that the companies which outperform financially are 57% more likely to use social networking and collaborative tools so that different teams spread across world can work more efficiently than those companies which under-perform financially. Of the 707 executives surveyed, 78% HRs think that their organization is not effective at encouraging the use of collaborative and social networking tools. Instead of this, only 21% companies have increased investment in collaborative tools.

A survey by IBM showed that 19% of the respondents use collaborative tools to identify skilled individuals, 23% use it to preserve critical knowledge and 27% use it to spread innovation. It also showed that many organizations are still at a very nascent stage of deploying social networking and collaborative tools.

Today, social software is being adopted in organisations to get better performance from their work forces. This gives employees a bigger platform to collaborate and communicate than e-mail. Due to this, relationships between company and employee and also among employees are changing rapidly. This is helping organizations to reshape from the bottom up. There is also an increasing trend where customers share their problems, new products and opinions on improvements in real time on the web. New idea generation today is taking place on the web, where your competitors can see your changing strategies and can act accordingly. This means companies need to continuously innovate and take fast decisions. Enterprise 2.0 helps manufacturing companies to integrate their suppliers through a secured communication network, thereby reducing cost and improving quality. In this flatter world where even the smallest companies want to compete at a global level, social software provides them a means to find and connect with new customers and thus expand their business.

Going forward, industries not only need to innovate but also to manage and strategize innovation as per the need of the time. They will also need to adopt new technologies as early as possible to increase productivity and collaboration, thereby staying ahead of the competition.

How Dark Fiber Networking Can Benefit Your Business

Before discussing the advantages of dark fiber, here is a brief description of it. It is a communications system that utilizes optical fibers. The term was first used to describe the networking capacity of a telecommunications infrastructure. Today, it also refers to the leasing of fiber optic lines from a service provider.

Many large corporations are hesitant to use the system because they think it will be too expensive. Much of this is because they don’t know how advantageous it is or that the price today is much cheaper. Therefore, a good understanding of the system is necessary before taking advantage of this innovative network and how it can benefit your company.

In 1997, a significant communications event took place. Underground optical cables were laid between Tokyo, Japan and London, England. At the same time, huge bundles of unused lines were installed for future use. There was an outcry from the public as the project involved extensive digging operations which caused inconvenience and obstructions.

Municipalities, electrical companies, and telephone companies seized the chance to use these lines to avoid the inconvenience caused by future digging. In the past, it was only telecommunication companies that were permitted to utilize this technology. Therefore, they had complete control and monopolized the leasing of unused lines to commercial enterprises.

Today, major corporate companies and other businesses are not only leasing lines, but they are developing their own dark fiber networking systems. This not only benefits their operations but it also increases their bandwidth. More importantly, they become self-sufficient and don’t have to rely on telecommunications companies to provide the cables.

As mentioned already, the main concern of companies regarding setting up their own networks was price. The good news is that the cost has dropped significantly because of an oversupply of optical fibers. This has made the option much more affordable. Another factor influencing the cheaper price is that mid-sized companies are now using this technology and are able to offer cut rates to set up systems.

Proponents of wireless networking systems are quick to point out that optic lines are prone to disruption. Optic experts counteract this by saying that wireless networks that don’t work off RF signals are even more susceptible to disruption. In an out-of-sight wireless network, transmission is easily blocked by an object or person in the way.

Optical lines are resistant to tapping, jamming and radio frequency interference. They are not affected by sources of electromagnetic pulse caused by wireless networks. Line tapping is made difficult because fiber does not leak like copper. Once a fiber-optic line is jacketed and coated, the light is encased in the cable.

Computer systems benefit greatly from dark fiber networks. Companies have now started to recognize the advantages of optics as a more secure and flexible alternative to copper wiring. Apart from getting more bandwidth and resistance to interference, tapping, and jamming, there is another big plus. There is no longer a need to go through the hassle of installing networking devices called repeaters. To prevent vandals or terrorists from cutting the wires, the cables are buried deep beneath the ground. To gain access to them would require massive machinery and manpower.