Martin May, regional director of Enterasys Networks SA, looks at the concept of the User Personalised Network, the new-generation authentication technology that supports it, and how it will impact on the networks of the future.
The current challenge for organisations as they move forward with technology and participate in e-business initiatives is to maintain a secure network system that allots resources according to department, division, or user - while accommodating the growing number of mobile users.
These resources may vary considerably. All departments may need e-mail, while some may also require access to an array of specialised applications. Only those in the finance department will need access to the accounting applications.
At the same time, organisations have various policies upon which they conduct their everyday activities. These policies address security issues such as which documents are confidential, who can or cannot access certain information, and so on.
Enterasys has developed a technology called the User Personalised Network (UPN), which incorporates an organisation's security policies into the network hardware in order to align users with the tools they need.
User Personalised Networking solves the problem of security and mobility by allocating resources based on who the network's users are, what their role is, and what they can or cannot access - regardless of their location, or which computer they are using. The user personalised network technology takes a holistic approach to security in networks.
Along with aligning IT with the business, the UPN solves many high-level issues facing businesses today. It allows an organisation to set up user-specific quality of service and bandwidth specifications, as well as maintain them when an employee changes workstations or departments.
This ensures the network delivers the service that each member of the department requires, all the while executing the security policies.
This type of network further extends the life of IT investments by better conserving network resources on a per-user and per-department basis. Network managers can maximise their systems' uptime by customising bandwidth so that time-critical applications, like e-mail or e-commerce, receive priority over non-business activities, such as Internet radio.
At the same time, the UPN increases productivity by giving employees immediate access to the resources they need, regardless of where they log on to the network. This also eliminates the need to reconfigure a computer to accommodate an employee's security allowance each time he or she changes workstations.
By determining which resources or databases employees can access, it further increases network security and ensures vital information is kept secure. This prevents both internal users and external infiltrators from misusing resources and accessing confidential information.
What makes the UPN concept so revolutionary is that the organisation's own rules are integrated into the hardware of the network, as opposed to being programmed into the software of the individual computers.
The UPN consists of three components: authentication, role-based administration, and the service-enabled edge. The most significant of these is authentication.
While authentication, or user login, is usually seen as a security function rather than part of the network system, it is the only reliable method for identifying a person on the network. It is extremely secure - if the system does not recognise the employee, he or she cannot gain access to the network.
Authentication works in one of two ways, depending on what type of operating system the organisation is using. In future, most new operating systems will support the IEEE 802.1x standard for port-based network access control, widely used in enterprise and wireless environments.
On such an operating system, the UPN uses the 802.1x protocol to communicate between the employee's computer (through the operating system) and the first switch it encounters. The switch processes the information by connecting to a back-end RADIUS server, which in turn communicates with a central network directory server.
If the organisation does not have an operating system that supports 802.1x today, employees can log in through a Web browser window, which also allows mobile users to access the network.
This authentication system also prevents denial of service attacks, which usually happen when a Web server is flooded with false requests for information, overwhelming the system and crippling it.
Traditionally, IT administrators determined the identity of a user by either their MAC (Media Access Control) or IP (Internet Protocol) address. The IP address identifies a particular network on the Internet and a host within it, while the MAC address identifies a particular device, such as a computer, on the local network.
But, because MAC and IP addresses can change frequently, either by switching workstations or by using IP addressing software, they are not sufficient for determining the identity of a person, especially as the workforce becomes increasingly mobile. Authentication is therefore a better indicator of a user's identity, and a solid mechanism with which to enforce an organisation's policies.
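The authentication flow described above (802.1x to the first switch with a Web-browser fallback, the switch asking a back-end RADIUS server, which consults the directory) and the point that a MAC or IP address identifies a device rather than a person can be illustrated together in a small simulation. The following Python is an added example written for this article, not Enterasys code: the directory, the role table, the port model and the `RadiusServer`, `EdgeSwitch` and `PortPolicy` names are all constructed assumptions, and no real 802.1x or RADIUS messages are exchanged.

```python
"""Simulated User Personalised Network: the policy follows the authenticated
user, not the port, the switch or the device's MAC address.

Added example, not vendor code. The directory, roles, hosts and MAC addresses
below are constructed sample data."""
from dataclasses import dataclass
import hashlib
import hmac


def _pw_hash(password: str) -> str:
    # Constructed stand-in for whatever the directory really stores.
    return hashlib.sha256(password.encode()).hexdigest()


# Constructed central directory: user -> credential hash and role.
DIRECTORY = {
    "alice": {"pw": _pw_hash("fin-secret"), "role": "finance"},
    "bob": {"pw": _pw_hash("eng-secret"), "role": "engineering"},
}

# Role-based administration: each role maps to a VLAN, the resources it may
# reach and a QoS priority (higher is served first). Constructed values.
ROLE_POLICY = {
    "finance": {"vlan": 20, "resources": {"email", "accounting"}, "priority": 5},
    "engineering": {"vlan": 30, "resources": {"email", "source-control"}, "priority": 3},
}


@dataclass
class PortPolicy:
    """What the edge switch applies to a port once its user is known."""
    user: str
    role: str
    vlan: int
    resources: set
    priority: int


class RadiusServer:
    """Stands in for the back-end RADIUS server: checks the credential against
    the directory and returns the user's role, or None on failure."""

    def authenticate(self, username: str, password: str):
        entry = DIRECTORY.get(username)
        if entry is None:
            return None
        if not hmac.compare_digest(entry["pw"], _pw_hash(password)):
            return None
        return entry["role"]


class EdgeSwitch:
    """The first switch a user meets. A port that is merely linked up is
    unauthorised; only a successful authentication opens it with a policy."""

    def __init__(self, name: str, radius: RadiusServer):
        self.name = name
        self.radius = radius
        self.ports = {}  # port number -> PortPolicy, or None while unauthorised

    def link_up(self, port: int, mac: str) -> None:
        # Seeing a MAC address tells us which device is attached, not who is
        # using it, so the port starts (and stays) unauthorised.
        self.ports[port] = None

    def authenticate(self, port: int, username: str, password: str, method: str = "802.1x"):
        # The method (802.1x supplicant or Web-browser login) only changes how
        # the credential reaches the switch; the RADIUS decision is the same.
        role = self.radius.authenticate(username, password)
        if role is None:
            self.ports[port] = None  # failed login leaves the port closed
            return None
        pol = ROLE_POLICY[role]
        self.ports[port] = PortPolicy(username, role, pol["vlan"], set(pol["resources"]), pol["priority"])
        return self.ports[port]

    def may_access(self, port: int, resource: str) -> bool:
        pol = self.ports.get(port)
        return pol is not None and resource in pol.resources


def demo() -> dict:
    radius = RadiusServer()
    hq = EdgeSwitch("hq-floor-2", radius)
    branch = EdgeSwitch("branch-office", radius)
    # alice at head office on her own laptop, authenticated via 802.1x.
    hq.link_up(1, "00:11:22:33:44:55")
    at_hq = hq.authenticate(1, "alice", "fin-secret")
    # alice visits the branch and borrows bob's desktop: different switch,
    # different port, different MAC, Web-browser login. Same policy results.
    branch.link_up(7, "66:77:88:99:aa:bb")
    at_branch = branch.authenticate(7, "alice", "fin-secret", method="web")
    # bob's desktop plugged in elsewhere with nobody logged in: the MAC alone
    # grants nothing, so accounting stays out of reach.
    branch.link_up(8, "66:77:88:99:aa:bb")
    device_only = branch.may_access(8, "accounting")
    # A wrong password is rejected by RADIUS and the port stays closed.
    branch.link_up(9, "cc:dd:ee:ff:00:11")
    bad_password = branch.authenticate(9, "bob", "wrong")
    return {"hq": at_hq, "branch": at_branch, "device_only": device_only, "bad_password": bad_password}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Running `demo()` shows alice receiving the finance VLAN, resource set and priority at both switches, while the unauthenticated device on port 8 and the failed login on port 9 get no access at all.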
There is no doubt that the network has become a strategic business asset for any organisation. It allows employees and departments to share valuable information, services and resources, thereby increasing productivity and decreasing material costs. However, by doing so it poses a security risk for enterprises that house confidential documents and information within their network.
Programming individual computers to accommodate various employees can be a costly and time-consuming procedure, as well as an unreliable one when it comes to mobile users.
Therefore, the network must be engineered, configured, and managed to meet the demands of the work environment while aligning with the security policies. Increased security, greater productivity, and mobile accessibility can be achieved with a network that understands the concept of people and can accommodate individual users and departments.