Today's enterprise networks consist of multiple remote access connections from employees and outsourcing companies. Too often, the inherent security risks arising from these connections outside the network are overlooked. Continuous improvements have been made to security in today's network infrastructure. Paying particular attention to users accessing the network from outside, and monitoring access endpoints, is critical for companies to protect their digital assets.
Installing the right software for the specific needs of your IT infrastructure is important for having the best security protection. Many companies install "off the shelf" security software, assuming that they are protected. Unfortunately, this is not the case because of the nature of today's network threats. The threats are numerous, including the usual spam, spyware, viruses, trojans, worms, and the occasional possibility that a hacker has targeted the server.
An appropriate security solution for your business will neutralize almost all of these threats to the network. Too often, with only a software package installed, network administrators spend much of their time at the network perimeter defending its integrity, fending off attacks by hand and then manually patching the security hole.
Paying network administrators to protect the integrity of the network is an expensive affair, much more so than installing the right security solution that your network requires. Network administrators have many other tasks that require attention. Part of their job is to make your business work more efficiently; they cannot focus on that when they have to defend the network infrastructure manually all the time.
Another threat to consider is one that occurs within the perimeter, in other words, an employee. Sensitive proprietary information is usually stolen by someone on the payroll. A real network security solution must guard against this kind of attack as well. Network administrators certainly have their role in this area by creating security policies and seeing that they are implemented.
An intelligent strategy to give your network the protection it needs against the various security threats is a multi-layered approach to security. Multi-layered security is an approach tailored to your specific network requirements, using both hardware and software solutions. Once the hardware and software are working together to protect your business, both are able to update their capabilities immediately to meet the latest security threats.
Security software can be configured to update multiple times a day if needed; hardware updates consist of firmware upgrades and an update wizard very similar to that within the software application.
All-in-One Security Suites
A multi-front strategy should be implemented to combat the many sources of threats to enterprise networks today. Too often the sources of these threats overlap, with Trojans arriving in spam or spyware hidden inside a software installation. Combating these threats requires the use of firewalls, anti-spyware, malware and spam protection.
Recently, the trend in the software industry has been to combine these previously separate security applications into a complete security suite. Security applications standard on enterprise networks are integrating into security suites that focus on a common goal. These security suites include antivirus, anti-spyware, anti-spam and firewall protection, all gathered in one application. Finding the best stand-alone applications in each category of security risk is still an option, but not a necessity.
The all-in-one security suite saves a company money through reduced software purchasing costs, and saves time through the ease of integrated management of the various sources of threat.
Trusted Platform Module (TPM)
TPM is a standard developed by the Trusted Computing Group that defines hardware specifications for generating encryption keys. TPM chips protect not only against intrusions and attacks, but also against theft of the device containing the chip. TPM chips work as a complement to user authentication to enhance the authentication process.
Authentication describes all the processes involved in determining whether a user granted access to the corporate network is, in fact, who that user claims to be. Authentication is most often performed with a password, but other techniques use biometric data that uniquely identifies a user through a trait no other person has, such as a fingerprint or the characteristics of the cornea.
Today, TPM chips are often integrated into standard desktop and laptop motherboards. Intel began integrating TPM chips into its motherboards in 2003, as did other motherboard manufacturers. Whether a motherboard has this chip is stated in the specifications of that motherboard.
These chips can encrypt data at the local level and provide greater security in a remote place such as a WiFi hotspot full of harmless-looking computer users who may be bored, malicious hackers. The Enterprise and Ultimate versions of the Microsoft Windows Vista operating system use this technology within the BitLocker Drive Encryption feature.
Although Windows Vista supports TPM, the chips do not depend on any platform to work.
TPM has the same functionality on Linux as it does within the Windows operating system. There are also specifications from the Trusted Computing Group for mobile devices such as PDAs and cell phones.
To use TPM-enhanced security, network users need only download the security policy to their desktop computer and run a setup wizard that creates a set of keys for that computer. Following these simple steps significantly improves security for the remote computer user.
Admission Based on User Identity
Establishing a user's identity depends on passing the authentication process. As already mentioned, user authentication can involve much more than a user name and password. Besides the emerging biometric technology for user authentication, smart cards and security tokens are another method that strengthens user name/password authentication.
The use of smart cards or security tokens adds a hardware requirement to authentication. This creates a two-level security requirement: one a secret password, and the other a hardware requirement that the secure system must recognize before granting access.
Tokens and smart cards work in essentially the same way but look different. Tokens look like a flash drive and connect through a USB port, while smart cards require special hardware, a smart card reader that connects to your desktop or laptop computer. Smart cards often take on the appearance of an identification badge and may contain a photo of the employee.
However authentication is verified, once this happens the user should be granted access through a secure virtual network (VLAN) connection. A VLAN establishes a connection to the remote user as if that person were part of the internal network, and allows all VLAN users to be grouped together under distinct security policies.
Remote users connecting through a VLAN should have access only to essential network resources, and how these resources can be copied or modified must be carefully monitored.
Specifications established by the Institute of Electrical and Electronics Engineers (IEEE) have resulted in what is known as the secure VLAN (S-VLAN) architecture. Commonly referred to as tag-based VLAN, the standard is known as 802.1q. It increases VLAN security by adding an extra tag within the Media Access Control (MAC) addresses that identify network hardware on a network. This method prevents unidentified MAC addresses from accessing the network.
Network segmentation works hand in hand with VLAN connections, determining which resources a user can access remotely by using Policy Enforcement Points (PEPs) to enforce the security policy across the network segments. The VLAN, or S-VLAN, can be treated as a separate segment with its own PEP requirements.
The PEP works with a user's authentication to enforce the network security policy. All users connecting to the network must be verified by the PEP as meeting the security requirements laid down in the PEP. The PEP determines which network resources a user can access and how these resources can be changed.
The PEP for VLAN connections should be enhanced relative to what the same user can do with resources internally. This can be done through network segmentation, simply by defining the VLAN connections as a separate segment and enforcing a uniform security policy across that segment. Defining a policy in this way can also determine which segments of the internal network the client can access from a remote location.
Treating VLAN connections as a separate segment also isolates a security breach to that segment if one occurs. This keeps the breach from spreading across the network. To improve network security even further, a VLAN segment could be handled by its own virtualized environment, isolating all remote connections within the corporate network.
Centralized Security Policy Management
Hardware and software technologies that target the different aspects of security threats create multiple software platforms, each of which must be managed separately. If done incorrectly, this can create a daunting task for network administration and increase staffing costs because of the greater time required to manage the technologies (whether hardware and/or software).
Integrated security software suites centralize the security policy by handling all security threats in one application, requiring only one management console for administration.
Depending on the type of business you are in, a security policy should be used at the enterprise level that is all-inclusive for the entire network. Administrators can define and manage security policy separately, but one overriding policy must be kept consistent throughout the corporate network. This ensures that no other security measures work against the centralized policy and limit what the policy was defined to implement.
Not only is a centralized security policy easier to manage, it also reduces the load on network resources. Multiple security policies defined by different applications, each focused on one security threat, can in total hog much more bandwidth than a centralized security policy within a complete security suite. With all the threats coming from the Web, ease of management and use is essential to maintaining a corporate security policy.
Frequently Asked Questions:
1. I trust my staff. Why should I improve network security?
Even trusted employees can pose a risk of a network security breach. It is important that employees follow established company security standards. Strengthening security guards against lapses by employees and against the occasional disgruntled employee seeking to cause harm to the network.
2. Do these changes really create a secure environment for remote access?
Yes, they do. These improvements not only significantly improve a secure VLAN connection, they also use widely accepted standards that are often integrated into common hardware and software. It is there; your company only needs to start using the technology.
3. My company is satisfied with using separate software, so that each application can focus on a separate security threat. Why should I consider an all-in-one security suite?
Many of the top software applications commonly used by companies have extended their focus to identify all security threats. These include solutions from software, hardware and appliance producers. Many of these companies saw the need to consolidate security early on and bought smaller software companies to acquire the knowledge their own company was missing. A security suite at the application level makes management much easier, and your IT staff will thank you.
4. Do I need to add a hardware requirement to authentication?
The use of security tokens or smart cards should be considered for employees accessing the corporate network from a remote site. In particular, when the employee needs to access sensitive company information while on the road, a simple flash-drive secure token prevents a thief from accessing sensitive data on a stolen laptop.
5. With all these concerns about WiFi hotspots, should employees be required not to use these locations to connect to the corporate network?
WiFi hotspots have sprung up nationwide and are the easiest way for your remote workers to access the Internet. Unfortunately, hotspots can also be full of bored, unemployed hackers who have nothing better to do than find a way to intercept the transmissions of an employee at the next table. This does not mean that employees on the road should avoid hotspots; that would restrict their access to the network. With technologies like S-VLAN and secure authentication in place, a company can implement technology to reduce the threats of today and tomorrow.
Applying the latest technology in network security is a priority for IT management. In today's network environment, with many users accessing digital resources, it is important to get network security right during the planning phase of the integration process.
Of course, it should be noted that larger companies run multiple operating systems (Windows, Mac OS, etc.) and that for many of these companies all-in-one security suites face some challenges in a mixed operating system environment.
Therefore I stress that we need to consider multi-level security solutions (both hardware and software) and not rely only on software applications to protect your digital assets. As technology changes, so do the opportunities for security breaches.
Because these threats are increasingly sophisticated, hardware and software developers continue to innovate, and it is essential for businesses to implement these technologies.