Protecting your company against the threat from within

Johannesburg, 04 Sep 2003

There are currently a number of compelling and effective firewalls on the market. However, these firewalls protect your company's network borders. Gary Boniface, CSO Manager at 3Com, discusses how you can protect your company against users and other factors that threaten your network from within.

No doubt, data network security concerns are running at an all-time high. Not only are CIOs and information systems managers looking at more compelling solutions, but vendors are also revisiting their network offerings, adding security features where possible.

Existing network components such as routers and switches are, to a certain extent, capable of performing security functions, but they still don't provide all the functionality needed to fully protect your network.

Gartner Dataquest confirms this by commenting in a recent report, "NIC Firewalls: The missing link to end-to-end security", that routers and switches have the primary task of routing and switching and not security.

Enterprise firewalls, on the other hand, do act as an effective means of security against outside onslaughts, but they cannot enforce policies once users are inside the network.

Vendors are, therefore, now developing solutions that are not just capable of protecting organisations from the outside world, but also secure them from within.

Currently, there are a number of security and networking providers that are deploying security solutions within the network. Some operating systems (OSs) offer, for example, Internet Protocol Security (IPSec) encryption.

Embedded firewalls

But there is a more comprehensive solution available to enterprises. Embedded firewalls provide security at the actual endpoint of the network. Running on a network interface card (NIC), an embedded firewall protects companies against costly, and in many cases embarrassing, damage and mischief caused by disgruntled employees and other business associates who are already inside the network.

It is estimated that 70% of network break-ins occur internally. Though executives routinely exchange confidential financial information and other data on the LAN, these communications are unprotected from disloyal employees.

This is why it is so important that security is placed as close as possible to the data it is protecting.

According to Gartner Dataquest, data network security is required at three different levels within an enterprise: corporate level, department level and user level.

"While the corporate-level and the department-level security are centrally controlled by the IT team, the user-level security is left to the end-user to implement, making it difficult to enforce and manage," says Gartner Dataquest.

Embedded firewalls on NICs offer a solution to companies' user-level security concerns. They prevent users from opening unauthorised Web server ports or File Transfer Protocol (FTP) server ports on workstations containing sensitive data. They can also contain malicious attacks such as Code Red.

Embedded firewalls allow network administrators to implement workstation-level policies in response to network emergencies, which can then be centrally controlled regardless of operating system-specific nuances.

Another key benefit is that embedded firewalls disallow access to unauthorised ports. Traditionally, default operating system installations leave ports such as Transmission Control Protocol (TCP) port 80 open; embedded firewalls counter this.

Securing e-commerce systems

Embedded firewalls can be valuable to e-commerce systems. They can restrict access to critical host computers such as Web servers and other important databases, therefore reducing their vulnerability.

Importantly, embedded firewalls enforce two important security concepts: separation of duty and least privilege.

With separation of duty, system administrators can assign separate sets of duties to people. This reduces the risk of mischief as the range of tasks a single person can perform is limited.

In an e-commerce site, for example, you could establish a separate set of duties for the people maintaining the Web site's contents, and for the people who fill orders and handle other customer matters.

Likewise, the order handling team may not need direct access to the Web servers. This is where the concept of least privilege comes in. Access restrictions ensure that people have only as much access to critical systems as they require to get their job done.

The order handling team would be able to access the DBMS but not the Web servers, while the Web content team would be able to access the Web server but not the DBMS.

Embedded firewalls restrict access at the network level. The bottom line is that an insider cannot steal a database if he cannot even send a message to tell the DBMS to divulge its secrets.
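The access model described above, written out as a small endpoint policy evaluator. This is an added example, not code from the article or from 3Com's product; the team subnets, server addresses and service ports are constructed for illustration. It shows default deny at the network level: the order handling team reaches only the DBMS, the Web content team reaches only the Web server, and a Web server port opened on an ordinary workstation is unreachable because no rule allows it.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed inventory for the e-commerce example (not from the article).
ORDER_TEAM = "10.1.0.0/24"   # workstations of the people who fill orders
WEB_TEAM = "10.2.0.0/24"     # workstations of the Web content team
DBMS = "10.9.0.10/32"        # the order database host
WEB_SERVER = "10.9.0.20/32"  # the public Web server
ANY = "0.0.0.0/0"


@dataclass(frozen=True)
class Rule:
    src: str      # CIDR the connection may come from
    dst: str      # CIDR the connection may go to
    proto: str    # "tcp" or "udp"
    port: int     # destination port
    action: str   # "allow" or "deny"


# Separation of duty: each team gets only the path its job needs.
# Ports are assumed values for the example (1433 database, 22 content upload).
POLICY = [
    Rule(ORDER_TEAM, DBMS, "tcp", 1433, "allow"),     # order handling -> DBMS
    Rule(WEB_TEAM, WEB_SERVER, "tcp", 22, "allow"),   # content team -> Web server
    Rule(ANY, WEB_SERVER, "tcp", 80, "allow"),        # customers browse the site
]
# Least privilege: anything not explicitly allowed below is denied, which also
# covers a rogue Web or FTP server started on a workstation (no rule permits
# inbound connections to the team subnets at all).


def evaluate(src: str, dst: str, proto: str, port: int) -> str:
    """Return 'allow' or 'deny' for one connection attempt (first match wins)."""
    s, d = ip_address(src), ip_address(dst)
    for r in POLICY:
        if (s in ip_network(r.src) and d in ip_network(r.dst)
                and proto == r.proto and port == r.port):
            return r.action
    return "deny"


def audit(attempts):
    """Given (src, dst, proto, port) tuples, return those the policy denies."""
    return [a for a in attempts if evaluate(*a) == "deny"]
```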

Editorial contacts

Michele Turner
Howard Mellet & Associates
(011) 463 4611
michele@hmcom.co.za
Gary Boniface
3Com Corporation
(011) 700 8600
gary_boniface@3com.com