Network Access ManagementTrends in IT Applications for

Management

Prepared by:• Ahmed Ibrahim S09761197

Introduction

• The explosion of fast, reliable network connectivity (internet & enterprise LAN) has transformed the world of business, creating new opportunities & making organizations fast, agile & efficient.

• Challenge – meet the increasing demands of an “always connected” user (employees, partners, customers) while keeping the security of networks & intellectual assets.

Connectivity versus Security

• Connectivity is optimized by complete access.• Security is optimized by lack of access.• Optimum connectivity – design completely open

network, then react to security concerns by selectively closing down areas of access.

• Optimum security – design a completely closed network, then react to connectivity requests by selectively opening areas of access.

Trust Boundaries

“In both the physical & virtual worlds, an organization implements security systems & procedures at the distinct points where 2 different trust zones meet”.

LAN & internet: firewalls Data communications & remote users: VPN tunnel

Why do we need Trust Boundaries…?

Strengthen the protection of critical computing & storage resources in recognition of growing exposure to internal risks presented by virus, worms, non-employee users, etc.

The threat from within

• To protect both the network & the business operations that rely on the network, an additional trust boundary must be erected between them.

• Security measures must ensure that a user with legitimate access to resources doesn’t inadvertently enable malware to reach those resources, taking advantage of the user’s security clearance to propagate an attack.

The emergence of Explicit Permission & Network Access Management

Two changes to provide the network security corporations:

• IT organizations must change today’s network access model from one of implicit permission to one of explicit permission

• Explicit permission must be managed through an appliance that grants or denies access based on a real-time assessment of security requirements, network status & user status.

Network Access Management for Business Continuity

IT Departments can begin working from a more precise & constructive security model based on:

• Explicit permission for users accessing resources• Adaptivity to changing conditions

Security Shortcomings of Static Network Infrastructure

• Reactive security measures and lax management of end user devices are no match for new forms of malware that are sweeping the internet

– Slammer worm 75,000 machines within 10min• The rapid transmission of malware combined with

the busy everyday work of large, mobile user populations means that the security state of a network is always in flux

– Salesrep connecting laptop, contractor connecting in meeting room

Security Shortcomings of Static Network Infrastructure

• Network security involves guarding data and controlling its access, not just scanning for malware attacks

– Access to information assets must be controlled• The cost of these security attacks is simply too high.

– USD55 billion in 2003

Recognizing the problem with Static Network Infrastructure

• Administrators need to make the network infrastructure itself responsive when an attack occurs.

– Enforce “guilty until proven innocent” policy• Automation solution is in demand to clean devices• Today’s infrastructure were designed for static

configurations and lack the dynamic, moment-by-moment policy controls that effective network security demands.

Moving to a Dynamic Security Infrastructure

• Screening users and devices• Restricting users to their authorized resources• Inspecting traffic continually for threats and potential

policy violations• Enforcing security policies automatically

Industry Initiatives for Network Access Management

• Several industry initiatives are under way for creating a solution for screening devices and a system for enforcing regular security policies Cisco’s Network Admission Control (NAC)

initiative Microsoft’s Network Access Protection (NAP)

architecture The Trusted Computing Group’s Trusted Network

Connect (TNC)

The Quandary Facing Enterprises Today

• Cisco’s NAC solution increases cost and complexity of development– Unlikely to work with other vendor products

• Microsoft’s initiatives is tied to “Longhorn” release– Other Windows OS requires another product

• TNC initiative remains a work in progress.– Still deciding which authentication protocols to

support.

Verinier Edgewall Network Access Management Appliance

• Verinier Networks has created a solution for dynamic enforcing security policies and access management control

• Provides 4 key access management functionsScreeningRestrictingInspectingEnforcing

Verinier Edgewall Network Access Management Appliance

“Life is Beautiful”