You’re faced with a myriad of products that plug one or another of the many possible security holes in your enterprise. Some of them overlap partially or completely, and few of them were designed to work with any other security product. What would be great would be a unified security framework that you could install over your networks and all of the attached resources. This would have the following benefits:
  • All of the security devices would cooperate by passing information to each other, and in some cases one device could be commanded by another, for integrated action against intrusions or other problems
  • You could ensure that there were no gaps in security coverage
  • A single command and control environment would lessen the burden of managing many different devices and applications
  • You could get integrated reporting covering multiple security modes, which is probably necessary to really understand in depth what’s going on

Well, sad to say you can’t get there today. But there are a couple of security framework products on the street now that can go part way to meeting these future benefits (we offer one of them, of course). And in the future you’ll have one or more standard products to consider. At this time there are three major contenders for the mantle of standard, integrated security framework.

The first is the one with the most potential to be the generally accepted, industry-standard system for incorporating multiple security products into a homogeneous whole. This is the Trusted Computing Group’s (TCG’s) Trusted Network Connect (TNC). Really bad acronyms, but a good potential alternative. This has most of the computing industry supporting it, because it doesn’t lock out any vendor. It’s a set of standard APIs that vendors write their products to work with. In this way you can buy, say, a best-of-breed console to manage best-of-breed endpoint virus scanning, pair it with a network access control system, add a reporting module, add an intrusion protection system and upgrade your existing network equipment to work with all of it. There are products on the market now (which you’ll have to work hard to get working, and then to keep working), and more products pending. We think that in two or three years you’ll have an actionable set of products from this alternative.

The downside to this alternative is that it’s an industry consortium instead of a single (and single-minded) vendor. This means that development will be slower, and at times hostage to competing interests. Stay tuned…

The second one is posited by one of the industry heavyweights, Microsoft, with its Network Access Permission (NAP) system. This will be brought to fruition in later versions of Vista. Good news if you’re running Microsoft, and aren’t inclined to use Linux or some other operating system on your desktops and servers. Microsoft is also keeping its foot in the TCG camp to hedge its security bets. We really can’t see this as a candidate for end-to-end security since Microsoft has no hand in anything but its own software, but it will be a necessary plug-in to either the first (TNC) candidate, or the following security framework (read on).

This third alternative is also brought to the dance by another industry heavyweight, Cisco. Its NAC (Network Admission Control) initiative is designed as a network equipment-intrinsic alternative for network access control, automated action, and security control. And by network equipment we mean Cisco network equipment, of course. This is to be expected, as Cisco’s core purpose is to sell more Cisco network equipment. If you’re a Cisco-only shop, or moving in that direction, and have some Cisco engineers on staff who have time to take on more Cisco certifications, this probably makes sense.

What to do? As said, if you’re an all-Cisco shop and have the money to spend in upgrades and training, you have a clear path to a Cisco-flavored security framework.

If you’re not one of those organizations, then you have a couple of choices. The first is to stick with what you have now and run a fragmented or incomplete system until you move to a TNC-flavored product. The second alternative is to embrace one of the existing, partial frameworks, and move that to a TCG-based complete system in the future when it’s appropriate. This can be something that Microsoft comes up with for servers and workstations, or it can be one of the systems that we represent or a competing system.

Having said all of that, though, you probably have a lot of latent security capability in what you run today in your network equipment, management software, and client operating system and scanning software. You might want to get with your existing vendors to explore what they have added to their products that you currently use. You might be pleasantly surprised by what you already have, and how that can be used to protect your networks and network-attached assets.

For more information, contact us.

© Copyright 2008 MXN Corp. All Rights Reserved.