Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Fighting complexity in network security policies

Fortinet : 08 July, 2013  (Technical Article)
Fortinet provides advice on keeping network security policies simple and effective as complexity continues to increase in the enterprise
Fighting complexity in network security policies

Despite the fact that the typical enterprise user employs multiple devices, exchanging information from many locations and using application data across hybrid cloud infrastructures, the network security management of most organisations still struggles to accomplish secure unified access without leaving a morass of duplicated and often contradictory policies in their wake. According to Fortinet, a leader in high-performance network security, the escalating number and complexity of security rules and policies accumulated by organisations over time is leaving many unable to respond effectively to the changing threat landscape.

“Rules are constantly added to security devices, but seldom removed, and this complexity is spiralling out of control,” said Darren Turnbull, VP Strategic Solutions at Fortinet. “Administrators find it increasingly challenging to understand the security they are implementing and are under impossible time pressures to troubleshoot new problems. The risk is that security holes open up amid the chaos. The answer to complexity is not more complexity.”

The following are Fortinet’s top five tips for minimising ‘policy accumulation’:

1 Drive Application Awareness. The process of simplifying security policies is challenged by the introduction of application-aware security; a key tenet of next-generation firewall technology. Critical, however, is the ability to attach this to individual user-IDs in one place, and enforce it throughout the network and across network security functions.

2 Enable Single-Sign On. In reality, the added granularity that arises from running distinct security policies according to each different authentication environment can be burdensome to security management. Applying Single Sign On (SSO) is another instance where (when implementing the correct approach) simplified security policy need not be at the cost of losing valuable context about the user’s location or device.

3 Unify Wired and Wireless Network Visibility & Control. Runaway policy accumulation invariably occurs where wired and wireless network access is entirely separate for management purposes. Where both coexist, wireless is typically the more dynamic environment with similar levels of traffic as wired infrastructure; compounding the rationale for integrating both (including user-centric policies) for easier oversight and simplified monitoring and compliance.

4 Rationalise Network Security. Managing a large estate of specialised security devices from many different manufacturers is a sure fire way of multiplying the number of live security policies. Deploying a suite of complementary systems from the same vendor reduces operating costs by enabling easier and more responsive management with less policies, higher performance and better overall security. It also enables network access policies to be integrated with all other security policies.

5 Focus Smart Policies by Users and Devices. iOS, MacOS, Windows, RIM, Android, Ubuntu, Unix, Linux all require policy differentiation at some level, which can have a huge drain on management time. Combined with a SSO approach to policy enforcement at a unified ingress point onto the wired/wireless network, all policies can be determined according user ID, device type and location.

Fortinet has followed up the release of its new FortiOS 5 operating system with a new white paper resource for security administrators to easily and seamlessly implement ID-based ‘smart policies’ across their wired and wireless network infrastructures. Entitled “Making Smart Policies with FortiOS 5”, the white paper shows how organisations can unify access and security policies, apply an integrated, ID based authentication and authorisation model, and benefit from simplified visibility of detailed real-time data.

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo