Traditionally, many IT specialists have seen networks as an open channel. They allow an infinite variety of devices to communicate, and the best networks make communication simple, free, and instantaneous -- like the air we breathe. Back in the early days of the Internet, shell accounts were gratis for the asking. Few people used passwords. It was an easy and altruistic era.
But that was a long time ago.
We have long since learned that we have to protect ourselves from the more aggressive Internet users, whether those who do it for nefarious purposes or those who contend that they are just trying to make us aware of our vulnerability. Firewalls, traffic filters, intrusion detection and prevention, and other security devices are now assumed components of a responsible network infrastructure. We feel protected from those external forces. The problem is that those forces have ways of getting inside our perimeter. So we need more protection.
This is where policy-based networking enters the fray. Comprising a range of technologies, including NAC (network access control), traffic analysis, filtering, and reporting, policy-based networks proactively address both organizational requirements and the realities of an unfriendly world. The goal of a well-designed policy-based network is to look free and open to all valid traffic, while coming across as a bit bucket to anything unauthorized.
In earlier NAC reviews (see "NAC smorgasbord: Four ways to police the network" for our reviews of Enterasys, McAfee, Symantec, and Trend Micro, and "NAC appliances reveal who's rapping at your network door" for a look at Caymas -- now Citrix -- as well as Lockdown, Nevis, and Vernier), we began the process of differentiating approaches to policy-based network solutions even as the hype around NAC grew to a fever pitch. After all, the point is solving the business and security problems.
In this and a series of companion upcoming reviews, we will look at the continually evolving world of NAC and policy-based networking. There is some confusion in terminology, since Cisco Network Admission Control (CNAC) is a Cisco-proprietary solution for network access control. We will be reviewing a wide range of NAC solutions (including CNAC), so all references to NAC refer to the more generic concept of controlling access to a network. For each review, we look at the product's ability to address a set of typical enterprise policies and distinguish the ways in which the product does that. As you read all of these articles, the key is to consider your requirements from within the universe of possible policies, especially in terms of the granularity of both the policies and their enforcement. You will also want to consider how you want to interact with the system and whether ease of policy creation, policy modification, or reporting are your most vital requirements.
For this test, we followed the same testing scenarios as in the February 2007 tests.
| Test Center Scorecard | |||||||
|---|---|---|---|---|---|---|---|
 |  |  |  |  |  |  | |
| 20% | 20% | 20% | 15% | 15% | 10% | ||
| ConSentry LANShield Switch | 6 | 9 | 7 | 9 | 8 | 8 |
7.8
Good
|
This whitepaper explains the terminology and concepts behind Data Replication technologies and establishes some sizing rules through worked examples. Learn the new paradigm in disaster tolerance—protect data anywhere.
Download now »
Server virtualization is a popular option for dealing with mounting datacenter costs. Another equally promising approach is the use of an Application Delivery Controller. Citrix NetScaler provides a low-cost way for organizations to reduce their server count and accrue cost savings from a reduction in space, cooling, power and personnel.
Download now »
The emergence of WLANs has created a new breed of security threats to enterprise networks.
Included in HP ProCurve WLAN solutions is security technology that alleviates threats from WLANs through:
* Monitoring wireless activity inside and out of the enterprise
* Classifying WLAN transmissions into harmful and harmless
* Preventing transmissions that pose a security threat to the enterprise network
* Locating participating devices for physical remediation
Effectively address data protection challenges, implementing solutions that help store and protect business–critical data while cutting costs and improving efficiency and reliability.
Download now »
Sign up to receive Security Resource Alerts
This white paper provides guidance on how to develop a strategic approach to managing and monitoring logs, a key function required for compliance with many regulatory mandates and a critical defense against security threats.
Download now! »
Learn about the processes and technologies that support security information management (SIM) operations, as well as the business case for SIM. The series examines different options for implementing SIM and gives you evaluation criteria for selecting the best option for your organization.
Download now! »
Learn the strategies, actions, and capabilities that Best-in-Class organizations employ and technologies they choose to obtain superior performance against various security performance metrics. This report provides guidelines for identifying which security solutions to consume as a MSS and defines best practices for choosing and managing MSSPs.
Download now! »
Recommend This
