Network security: get a complete view of your network
By Ofir Arkin and Ray Binnion
What's on your network?
This is a simple question but most IT managers cannot give an accurate answer.
Almost any device with an RJ-45 socket can be connected to most enterprise networks without the knowledge of IT staff. As a result, rogue devices often operate freely on the network. Anecdotes of employees who connected unauthorised wireless access points to "ease their workload" are far too common.
If they stay undetected and uncontrolled, these devices expose the enterprise to ongoing risk. They threaten network security and the stability of business operations.
At the same time, many legitimate devices that belong to the enterprise are invisible to IT staff. Known limitations in traditional network management tools prevent them from identifying firewalled devices, virtual machines and those devices not connected to the network at the time of a scan.
The 451 Group estimates that existing approaches to asset inventory tracking and network discovery may detect only 55-75% of devices. Our experience teaches us that most enterprises have 20-50% more devices running on their networks than their IT team knows of.
A combination of ineffective tools and frequently stretched resources leaves most IT teams unable to maintain an accurate asset inventory or accurately document the devices operating on their networks. Despite this, they have a responsibility for management and security.
Any IT initiative that cannot see the entire network fails to deliver value or to meet its intended objectives. Take, for example, network access control (NAC). In a report on the NAC market, the 451 Group warned that a NAC deployment that covers only the 70-80% of devices that happen to be Windows PCs, and does not extend to every connected device, is inviting problems.
Logically, the first step in the process of deploying NAC (or undertaking any other IT project) is to audit the network. By identifying and profiling all devices connected to the network, IT planners can pinpoint non-compliant, unmanaged and rogue devices even before activating NAC.
In addition, maintaining a live view of the entire inventory of network assets enables NAC to operate in real time and to apply to the complete infrastructure.
Conversely, if NAC does not know about every device on the network, the implementation will fail to stop rogue elements from operating on the network and the enterprise will remain vulnerable to compromise.
There are many other examples of IT initiatives that require complete visibility and knowledge of the network to be effective. Patch management, regulatory compliance, intrusion prevention, software licence control and migration of operating systems all need to take account of every network asset. In addition, IT help desk operations rely on this information being complete and current in order to deliver an efficient service.
Back to our original question: what's on your network? IT managers who can answer this question accurately are well-positioned to manage and secure their networks effectively.
Ofir Arkin is the founder and CTO of Insightix. Ray Binnion is the non-Executive Chairman of Defend-IT Ltd.
This was first published in August 2008