This article can also be found in the Premium Editorial Download "Information Security magazine: CISO survival guide: 18 of the best security tips."


Let me in
With perimeters eroding and extranets growing, security organizations need to counter new threats. Here's how:

Pre- and Post-Connect NAC
To counter problems such as a contractor plugging an unmanaged device into a corporate network, organizations have turned to network access control (NAC). Pre-connect NAC is gaining mainstream presence, and is bought either as a standalone solution or packaged with an SSL VPN. Pre-connect NAC verifies that a connecting device complies with access policies before it is admitted; non-compliant devices are denied or quarantined.

Post-connect NAC, meanwhile, is not widely adopted, but is the next frontier. Post-connect NAC monitors a device's traffic after it has been granted access. It is especially useful for cordoning off malware to a particular network segment.

"Post-connect NAC gives you the ability to take IPS functionality and bring it into the LAN," says Gartner analyst Lawrence Orans. "IPS is priced too high for deployment in every wiring closet."
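The two stages described above, as an added example that is not from the article or any vendor product: a pre-connect posture check that denies unmanaged hosts and quarantines out-of-policy ones, followed by a post-connect check that moves an admitted host to the quarantine segment when its traffic fans out to many internal peers. The VLAN names, posture fields, peer threshold and sample flows are constructed assumptions.

```python
from dataclasses import dataclass
# Constructed policy names and thresholds (assumptions, not from the article)
QUARANTINE_VLAN = "vlan-quarantine"
PRODUCTION_VLAN = "vlan-prod"

@dataclass
class Posture:
    host: str
    managed: bool         # corporate-managed (agent present / domain-joined)
    av_current: bool      # anti-malware signatures inside the policy window
    patch_level_ok: bool  # OS patches at or above the required baseline

def pre_connect_decision(p: Posture) -> str:
    """Pre-connect NAC: check posture before granting access. Unmanaged
    hosts (a contractor's laptop) are denied; managed hosts that fail a
    check land in the quarantine VLAN for remediation."""
    if not p.managed:
        return "deny"
    if not (p.av_current and p.patch_level_ok):
        return QUARANTINE_VLAN
    return PRODUCTION_VLAN

def post_connect_decision(host, flows, max_peers=20) -> str:
    """Post-connect NAC: after access is granted, watch the host's traffic.
    A host fanning out to many distinct internal peers (worm-like
    scanning) is moved to the quarantine segment. flows are (src, dst,
    dport) tuples as a switch or LAN IPS sensor would report them."""
    peers = {dst for src, dst, _ in flows if src == host}
    return QUARANTINE_VLAN if len(peers) > max_peers else PRODUCTION_VLAN

# Constructed sample devices and flows
DEVICES = [
    Posture("contractor-laptop", managed=False, av_current=True, patch_level_ok=True),
    Posture("corp-desktop-07", managed=True, av_current=False, patch_level_ok=True),
    Posture("corp-laptop-12", managed=True, av_current=True, patch_level_ok=True),
]
# corp-laptop-12 passes pre-connect, then probes 25 hosts on TCP 445
SAMPLE_FLOWS = [("corp-laptop-12", f"10.0.1.{i}", 445) for i in range(1, 26)]
SAMPLE_FLOWS += [("corp-desktop-07", "10.0.5.10", 443)] * 3

def run() -> dict:
    """Apply pre-connect checks, then post-connect monitoring to admitted hosts."""
    verdicts = {d.host: pre_connect_decision(d) for d in DEVICES}
    for host in [h for h, v in verdicts.items() if v == PRODUCTION_VLAN]:
        verdicts[host] = post_connect_decision(host, SAMPLE_FLOWS)
    return verdicts

if __name__ == "__main__":
    for host, verdict in run().items():
        print(host, "->", verdict)
```

The laptop that passed the posture check is still pulled off the production segment once its behaviour is observed, which is the gap post-connect NAC closes.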

Security Acceptance Testing
Outsourcing application development offshore?

Many organizations are, but how many are including language in service-level agreements for security acceptance testing? Ed Adams, president of consultancy Security Innovations, says organizations should demand to know from developers and vendors how security is integrated into the development lifecycle. Are there security reviews at each phase of the build? How are apps security-tested? What security training is provided to development teams?

"You have to contractually include language for acceptance testing when the app comes back," Adams says. "Demand third-party security certification."

Safety in SSL
It's no secret SSL VPNs are nudging IPsec off their perch as the de facto VPN standard. The Menninger Clinic in Houston allows physicians, clinicians and executives to tunnel into the corporate network via SSL, safely accessing patient data and business documents, and maintaining HIPAA compliance. Vendors also remotely support systems via the same NeoAccel VPN.

"It's very easy to partition access to files or applications and assign permissions since we've tied it to Active Directory," explains security manager Kevin Monser.

This was first published in July 2007
