Industry View

5 Things You Can't See on Your Network

How business practices have changed the risky activity on your network

By Jeff Prince, Chairman and CTO of ConSentry Networks

Page 2

IP addresses don't equate to users: Treating an IP address as a proxy for a user can similarly put an organization at risk. IT often relies on spreadsheets to track addresses and tie them to usernames. In one case, a company's spreadsheet indicated that a certain IP address belonged to a switch port, so that port was grouped with other "management" devices and assigned a policy permitting only the relevant management applications. Imagine the confusion when policy violations abounded. By looking at detailed flows, the team was able to identify the "sender" as a user, not a switch. A mistake like this could easily have created duplicate IP addresses and network loops, for example, or left users incorrectly grouped and accidentally given access to sensitive financial data. With only IP addresses to keep tabs on activity, an organization truly has no idea who is doing what on the network.

Illegal downloads: Being able to tie media downloads to individuals is key not only to retaining productivity (and server space!) but also to meeting compliance needs. Any organization where such activity is happening ends up liable, and the MPAA and RIAA are adamant about pursuing copyright violations. Given the chance to link download traffic to a specific user, IT can go to that user and reiterate the Internet usage policies, possibly saving a friend's job or a student's enrollment.
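As an added illustration of the two points above (this is not code from the article or from ConSentry), the following Python attributes flow records to users from a DHCP/802.1X lease log rather than trusting an IP spreadsheet, surfacing the "switch port that was really a user" case and tying a download flow back to a named user. The inventory, lease log, flow records and the MGMT_APPS policy are all constructed assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime
# Constructed IP spreadsheet: what IT believes each address is (not real data).
INVENTORY = {
    "10.1.5.20": {"role": "switch", "group": "management"},
    "10.1.5.21": {"role": "user", "group": "finance"},
}
# Constructed DHCP/802.1X lease log: who actually held each address, and when.
LEASES = [
    ("10.1.5.20", "jdoe", "2024-03-01T08:00", "2024-03-01T18:00"),
    ("10.1.5.21", "asmith", "2024-03-01T09:00", "2024-03-01T17:00"),
]
# Constructed flow records as an edge switch might export them.
FLOWS = [
    {"ts": "2024-03-01T10:15", "src": "10.1.5.20", "dport": 443, "app": "https"},
    {"ts": "2024-03-01T10:16", "src": "10.1.5.20", "dport": 6881, "app": "bittorrent"},
    {"ts": "2024-03-01T10:20", "src": "10.1.5.21", "dport": 1433, "app": "mssql"},
    {"ts": "2024-03-01T19:00", "src": "10.1.5.20", "dport": 22, "app": "ssh"},
]
# Assumed policy: the only applications a management-only device may use.
MGMT_APPS = {"snmp", "ssh", "syslog"}

def user_for(ip, ts):
    """Return the user holding `ip` at time `ts`, or None if no lease covers it."""
    t = datetime.fromisoformat(ts)
    for lease_ip, user, start, end in LEASES:
        if lease_ip == ip and datetime.fromisoformat(start) <= t <= datetime.fromisoformat(end):
            return user
    return None

def attribute(flows):
    """Tag each flow with its user; flag flows where spreadsheet and lease log disagree."""
    out = []
    for f in flows:
        user = user_for(f["src"], f["ts"])
        role = INVENTORY.get(f["src"], {}).get("role", "unknown")
        finding = None
        if role == "switch" and user is not None:
            finding = "spreadsheet says switch, lease log says user"  # the article's case
        elif role == "switch" and f["app"] not in MGMT_APPS:
            finding = "non-management app from a management address"
        out.append({**f, "user": user, "role": role, "finding": finding})
    return out

def flows_by_user(flows, app):
    """Group flows for one application (e.g. bittorrent) by the user they belong to."""
    hits = defaultdict(list)
    for r in attribute(flows):
        if r["app"] == app:
            hits[r["user"] or "unattributed:" + r["src"]].append(r["ts"])
    return dict(hits)
```

The lease log is the source of truth here; a flow whose address has no covering lease stays "unattributed" rather than being silently assigned to whatever the spreadsheet claims.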

The changes in business practices I mentioned previously are happening very quickly, and IT must be able to tie traffic to user names. This capability is critical for enforcing access policies, satisfying compliance demands, meeting industry audits, and ensuring employee productivity. That level of visibility in the LAN is essential for IT to control what users can do on the LAN, because you can't control what you can't see.

So for a variety of reasons—data protection, employee productivity, simplified IT operations, and perhaps someone's job—IT should look for ways to more clearly know the identity of the users on the LAN and the full range of applications in use. Whatever the mechanism, IT will reap many rewards from identity-based user and application control.

Jeff Prince is chairman and CTO of ConSentry Networks. Prince holds eight industry patents related to networking technology and co-founded three of the industry's most innovative networking companies. Prince has more than 18 years of experience developing networking and ASIC technologies. As a founder of Foundry Networks (FDRY), Prince led Foundry's hardware engineering group, having earlier founded Centillion Networks, which was acquired by Bay Networks in 1995.
