Let me in
With perimeters eroding and extranets growing, security organizations need to counter new threats. Here's how:
Pre- and Post-Connect NAC
To counter problems posed by a contractor, for example, plugging a device into a corporate network, organizations have turned to network access controls (NAC). Pre-connect NAC is gaining mainstream presence, and is bought either as a standalone solution or packaged with an SSL VPN. Pre-connect NAC verifies a connecting device complies with access policies. Non-compliant devices are denied or quarantined.
Post-connect NAC, meanwhile, is not widely adopted, but is the next frontier. Post-connect NAC monitors traffic after a device is granted access. It is especially useful for cordoning off malware to a particular network segment.
"Post-connect NAC gives you the ability to take IPS functionality and bring it into the LAN," says Gartner analyst Lawrence Orans. "IPS is priced too high for deployment in every wiring closet."
Security Acceptance Testing
Outsourcing application development offshore?
Many organizations are, but how many are including language in service-level agreements for security acceptance testing? Ed Adams, president of consultancy Security Innovations, says organizations should demand to know from developers and vendors how security is integrated into the development lifecycle. Are there security reviews at each phase of the build? How are apps security-tested? What security training is provided to development teams?
"You have to contractually include language for acceptance testing when the app comes back," Adams says. "Demand third-party security certification."
Safety in SSL
It's no secret SSL VPNs are nudging IPsec off their perch as the de facto VPN standard. The Menninger Clinic in Houston allows physicians, clinicians and executives to tunnel into the corporate network via SSL, safely accessing patient data and business documents, and maintaining HIPAA compliance. Vendors also remotely support systems via the same NeoAccel VPN.
"It's very easy to partition access to files or applications and assign permissions since we've tied it to Active Directory," explains security manager Kevin Monser.
This was first published in July 2007