HP ProCurve Networking

Network Security:
ProCurve Access Control Security Solution



Introduction

In today's complex and constantly changing business world, employees, partners, customers, vendors and contractors all require different levels of access to different areas of the Local Area Network (LAN) at different times for different business purposes. As a result, enterprises must have business security solutions that provide detection and enforcement at every point of network access. To that end, corporations need a comprehensive, strategic approach to access control. It sounds simple enough: who gets in and who doesn't. But the issues involved can be complex, and the threats are real and growing.

Consider this: more than 90 percent of the 530 companies polled in one survey[1] admitted to security breaches. Not surprisingly, 82 percent of the companies identified external threats like hackers as a likely source of those breaches, but 77 percent of the companies also identified disgruntled employees as another likely source.[2] That's why smart corporations are not only focused on preventing unauthorized access but also detecting and enforcing policies at every point of access for all authorized users.

"The No. 1 issue is a general complacency that somehow a security breach, if it happens, will have a small impact on the organization. So many companies, even the larger, better-established organizations, do not put enough resources into preventive strategy, and they spend an inordinate amount of resources when a disaster or problem hits."[3]

However, a substantial number of corporate networks still have vulnerabilities, including unprotected LAN ports that are easy prey for viruses, hackers and malicious users. The 2003 FBI/Computer Security Institute Computer Crime and Security Survey states that many companies "simply do not know what's going on within their networks."[4] Those companies face substantial risk and have little chance of constructing an audit trail to find out how or why an incident occurred.

But there is a better way.

HP developed the ProCurve Networking Adaptive EDGE Architecture™ specifically to address this issue. Within the architecture, the ProCurve Access Control Security solution enables Chief Information Officers to retain central command of their LANs but push access control to the LAN edge. An infrastructure built on the Adaptive EDGE Architecture provides a secure, robust LAN for current network traffic. It also provides a better way for corporate LANs to integrate future applications and traffic.

The network edge is the place where users and applications connect, where traffic enters and exits the network, and where the network must determine how that traffic should be handled. The edge is where security policies can be enforced most effectively, where the user gains access after being authenticated by a central command resource.

The ProCurve Access Control Security solution offers a comprehensive approach to access control. The Adaptive EDGE Architecture provides control and functionality without adding unreasonable network complexity, overextending budgets or compromising future flexibility. The ProCurve solution provides comprehensive security that includes pre-set rules for end users governed by a central Information Technology command structure, control of individual user access at the edge of the network LAN and a clear audit trail so the company can track and monitor network activity.

This paper explores how this comprehensive approach simplifies network access management, creates a secure, intelligent wired and wireless environment and provides affordable network security that detects all users and enforces all corporate policies at every access point.

[1] 2003 FBI/Computer Security Institute annual "Computer Crime and Security Survey"
[2] Ibid.
[3] Larry Ponemon, Wall Street Journal Q&A, Feb. 24, 2003
[4] Ibid.

Why access control?

When it comes to controlling access to their LANs, many corporations leave their virtual doors open and their virtual windows unlocked, providing unrestricted access to a variety of end users. That lack of infrastructure presents little challenge to any malicious users and is one reason that 80 percent of corporations surveyed in the 2003 FBI/Computer Security Institute Computer Crime and Security Survey reported internal security incidents.

Figure 1: common access control infrastructure


The lack of access control measures also presents a huge liability for the corporations. For example, in Figure 1 there are virtually no access control measures in place. A guest can access a LAN containing sensitive research and development information right from the company's lobby or parking lot. The lack of access control measures can easily mean the loss of a company's hard-won intellectual property or competitive advantage.

Business benefits

Any comprehensive access control solution must identify individual users, establish the types of services they are authorized to use and set their access levels accordingly. The ProCurve Networking Access Control Security Solution offers several benefits to CIOs and end users.

Four key elements comprise ProCurve Networking Secure Mobility Solutions:
  • Centralized command: It enables corporations to construct an intelligent access control solution that offers central command over the network.
  • Access control at the LAN edge: It efficiently delegates access, authentication and tracking capabilities to switches and software that sit at the very edge of network LANs. Pushing access control to the LAN edge enables decisions to be made immediately rather than deferring them to the core. It also prevents potentially malicious traffic from gaining access to the LAN.
  • Secure and easy to use: It provides a computing environment that's more secure yet easy to use, because every time end users log in it's customized to recognize who they are and what they need to do.

This is a fundamentally different approach than that of many current corporate access control systems, and migrating toward it requires a clear evolutionary path. This is especially important as end users tend to willingly adopt new procedures only if they are easy, simple and build on their existing infrastructures.

ProCurve provides an affordable solution that can grow with a company's needs or work with its existing computer infrastructure. A smart architecture and a clear migration path are essential ingredients for building an intelligent network that can keep corporations truly secure.

ProCurve Access Control Security Solution overview

Network access control resembles an airport—there are different levels of access for different employees, people come and go at all hours and they have to swipe an access card or provide ID to enter certain areas. This helps secure the various areas—and keeps the employees and guests safer. ProCurve solutions monitor all areas of a LAN to keep intruders out and track workers who are inside.

Figure 2. ProCurve Access Control Security solution framework


The ProCurve Access Control Security Solution offers a complete solution (Figure 2) from hardware, software, and management services to applications, services, and support. Hardware alone can't provide total access control, but the combination of hardware and software, services from HP and its partners, plus a comprehensive tool set provides the basis for a comprehensive access control security solution.

As part of a command/control strategy for an overall network architecture, corporations should at least consider moving to a two-point access control system that ties end users to specific computers and specific networks. This two-point authentication essentially locks the user and the computer together, ensuring a one-to-one relationship. This alone can substantially increase security on existing networks. Effective access control is a critical ingredient for corporations attempting to maximize the security of corporate and customer information.

Why ProCurve?

In the future, well-constructed intelligent networks will have access control systems that prevent 95 percent of attacks and drastically cut the risk from internal issues by providing a clear audit trail and authorization process that provides users with rapid access and authentication.

Traditional networks enforce security at a central point, which gives malicious traffic an opportunity to infiltrate the network core. That's why it's critical to stop unauthorized traffic at the network edge and to track authorized users throughout the network. ProCurve solutions have several layers of built-in security that take advantage of the latest standards-based security features. For example, standard 802.1X port-based access control is available on all ProCurve enterprise class managed products.

The ProCurve Access Control Security Solution is a result of 25 years of experience and investment in networking products and technology. ProCurve solutions are part of an architectural approach designed to push intelligence to the edge of corporate networks but retain command at a central location. ProCurve offers a complete solution, including a comprehensive strategy for handling critical network security issues with a full range of enterprise-level service and support. Benefits include:
  • High performance, reliable technology at an affordable price
  • Reduced complexity that leads to operational efficiencies
  • Security solutions that support industry standards
  • The ability to handle multiple types of users, applications and services
  • The ability to unify network access for wired and wireless networks in large corporate environments
  • The ability to provide guest access without compromising internal security
  • The ability to integrate future technologies with existing investments
  • The ability to blend hardware, software, support and services into a complete solution

ProCurve Access Control Security Solution deployment scenario

The ProCurve Access Control Security Solution segregates networks. For example, in Figure 3, the LAN has been divided into a series of access zones. If an employee works some of the time in a secure area, like a research and development (R&D) laboratory, he has access to both the private R&D LAN and the public Internet. But if he leaves the secure area, his access can be limited to just the public Internet so that sensitive information isn't accidentally seen by unauthorized people. This can be accomplished without requiring the employee to take any action. The network simply adjusts based on his location. Also, if a guest visits the company's lobby before 9 a.m., she can't access the public Internet or the company's LAN. At 9 a.m., the guest can access the public Internet but she still cannot access the company's LAN.

Figure 3: ProCurve authorization and access right boundaries


In this scenario, ProCurve allows the company's network administrator to authenticate its LAN users based on a variety of factors, including membership in a particular group, individual identity, time of day, physical location and job roles or responsibilities. The bottom line—more productive end users and a more secure network.

ProCurve Network Security services

Because robust network security is such a high priority to you, HP recommends that you have a ProCurve Elite Partner assess, deploy, and maintain the ProCurve Network Security services to fit your needs. ProCurve Elite Partners, trained in ProCurve Network Security services, offer services designed to integrate your new Access Control Security solution into your existing network.

ProCurve Elite Partners have a comprehensive understanding of networking and offer a broad suite of product and application services, including systems integration and network design, installation, configuration and optimization, as well as network lifecycle support. ProCurve Elite Partners are required to have achieved the highest level of certification in network solutions planning and design as recognized by Hewlett-Packard. ProCurve Elite Partners are the partners of choice for our most demanding customers.

With a ProCurve Elite Partner, you are assured of having a partner and advisor that you can depend on and trust to deliver best-in-class solutions that will effectively address your IT requirements and, ultimately, your business needs. ProCurve Elite Partners are committed to excellence, quality and integrity.

Summary

There's a curious dissonance when 90 percent of companies report security breaches but many of them don't have any idea what's going on within their networks. It's time to face facts: the need for comprehensive access control solutions has never been more urgent. The good news is that access control is a solvable problem for corporations.

To solve this problem and protect their LANs, corporations must essentially build a series of electronic "doors" that lead authorized users into appropriate "zones" of information and services—and nowhere else. Those doors and zones will prevent unauthorized use and enforce corporate policies at all times and in all locations.

Comprehensive access control systems architected this way can build on existing infrastructures and ultimately provide the most secure access control possible to corporate LANs.

"The new model for controlling access to a network calls for protecting data wherever it is and trusting no one completely wherever they are."[5]

So how do corporations get there from here?

With more than 25 years of experience in network infrastructure, HP understands what corporations need to develop intelligent networks that can help manage the risks associated with access control. Controlling access to networks is a huge task—and will remain so as the trends of the Internet, mobile computing and convergence continue to change how corporations work.

[5] Suzanne Gaspar, "The New Security Battle Plan," Network World, Sept. 30, 2002

© 2009 Hewlett-Packard Development Company, L.P.