Managing network policy

Managing the complexities of large, distributed networks is a daunting task, with hundreds, even thousands, of mixed-vendor bridges, switches, routers and gateways. Managing the security settings on these devices from a central console sounds wildly impractical -- the requirements are complex, and there are too many fast-moving parts. But, the demands of global business and regulatory compliance are forcing enterprises to consider management consoles that push granular policy updates to heterogeneous devices. There are several environments in which this functionality is critical:

• Multinational enterprises, which may want to segment their networks to comply with the regulatory requirements of the host nation.
• Manufacturing environments, in which headquarters may need an administrative connection to the plant but the company doesn't want anyone or anything touching the computers running the assembly line.
• HR and finance departments, which share a lot of sensitive information among themselves and little with other employees and customers.
• Business partner connections or newly acquired enterprises, where the "other end" of the network is unknown.
• Enterprises carving out logical networks for users, Web server farms, management backbones, etc., with specific risk thresholds and security requirements.

• Join us for a live interactive webcast on Thurs., July 29 at noon ET with Christopher King on policy compliance for end-point devices. (Webcast will be available on-demand after July 29.)
• Learn more about network device compliance in this Security Tool Shed column.
• Attend Information Security Decisions Oct. 6-8 in Chicago and learn more about the latest developments in network and endpoint security.

Managing each ...

• Gold Wire Technology's Formulator manages ACLs and other configuration parameters and provides infrastructure integrity to network devices, popular firewalls and Linux and Solaris OSes.
• Voyence's VoyenceControl! is a Java application that provides lifecycle change management services. It features support for templates, rollback and workflow.
• Rendition Networks' TrueControl is a Windows 2000 application that manages many network devices, including wireless access points and VPN concentrators.
• Intelliden's R-Series software is a Java application that performs device modeling along with its core network configuration features.
• Solsoft's Policy Server models a network and provides "point-and-click" security design, automatically calculating the ACLs required to allow access from a source endpoint to a server. It pushes out these changes and keeps track of them.

Today's enterprises and their distributed environments are too complex and their requirements too diverse to manage efficiently, but manage them you must. Network security provisioning solutions offer an option that makes sense.

About the author
Pete Lindstrom, CISSP, is research director at Spire Security.

Rate this Tip To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member. BROWSE BY TAG Information Security Policies, Procedures and Guidelines,   Information Security Management,   Guest Commentary,   Network Security: Tools, Products, Software,   Network Device Management,   Enterprise Network Security,   VIEW ALL TAGS Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Information Security Policies, Procedures and Guidelines Health Net breach failure of security policy, technology How to protect distributed information flows Essential guide: Pandemic planning for H1N1 Whitelists, SaaS modify traditional security, tackle flaws Melissa Hathaway urges more cooperation, government attention to cybersecurity Reuters: Obama ready to select cyber security czar How a corporate Twitter policy can combat social network threats Should enterprises be concerned with Twitter in the workplace? Information security management hype: Debunking best practices Data breach avoidance begins with security basics, panel says Guest Commentary Google hacking exposes a world of security flaws Eliminating the threat of spam email attacks Outsourcing IT services: Is it worth the security risk? How permanent is your storage solution? Honeypots can strengthen reconnaissance and lower intrusion noise Freedom of speech or lack of professional responsibility? This year compliance, next year control Senior security member explains his position on Abagnale Computer Security Institute's leader responds to Abagnale flap Spokesman or poster child? Network Device Management How to prepare for a secure network hardware upgrade Researchers find thousands of flawed embedded devices Is there a way to block iPhone widgets that bypass Web filters? Will an application usage policy best control network bandwidth? What is the difference between static and dynamic network validation? How to manage network bandwidth with distributed ISP bandwidth DNSSEC deployments gain momentum since Kaminsky DNS bug Firewall rule management best practices What are best practices for fiber optic cable security? The requirements for being a PCI DSS-compliant service provider RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary defense in depth  (SearchSecurity.com) non-disclosure agreement  (SearchSecurity.com) security policy  (SearchSecurity.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.