Get-tough network policies now the norm

The anything-goes days of enterprise networks are over. Welcome to the new reality of quarantines, managed assets and reined-in power users.

Hard to believe, but there was a time when IT executives on tight budgets didn't think twice about letting power end users connect to the corporate network using home PCs.

But with today's heightened consciousness about network security, and with the steady stream of vulnerabilities in the news, such liberal computing policies no longer make sense.

These new realities have spawned a few trends. For one, companies are rethinking how they let users connect to the enterprise. Many IT executives are telling their end users that they can only connect to the enterprise using an approved and managed IT asset.

On the vendor side, some of the emphasis about how to keep an operating system secure is shifting away from the patching process and into the realm of building tougher perimeter security. Companies like Cisco Systems Inc., InfoExpress Inc. and now Microsoft are developing perimeter access methods that quarantine a PC that doesn't have the proper virus definitions.

Many IT shops, particularly those in engineering fields with big populations of power users, have made changes in light of their new security needs. Tennessee Valley Authority (TVA), the Knoxville, Tenn.-based power company, has a new policy that forbids users from accessing the network with personal equipment.

Personal machines a no-no on the network

Jim Purcell, manager of IT security and standards at the TVA, said he has two programs in the works. First, he's making more applications available through a portal, so employees can still use their home machines for applications such as e-mail and payroll. Second, home users must use company equipment.

"It's a big issue for us," Purcell said.

Purcell said the TVA has also installed an InfoExpress perimeter security system that verifies PCs as they come in through the firewall.

One company, a control system manufacturer, once had a deal with its antivirus software vendor that allowed it to distribute AV definitions to employees that used their home machines for business. But when the organization renegotiated its contract with the vendor, it was no longer financially feasible to have that benefit, said Jim Harings, an IT manager at the Milwaukee-based company.

"We used to let people take work home, but we can't buy laptops for everyone," Harings said. "We decided that for those who must work at home, they have to use a managed IT asset."

Harings' company also put in place a policy that requires anyone who accesses the company network, contractors in particular, to sign a statement saying they have the latest virus definitions.

Some experts said that the business of making individuals sign sworn statements about whether they have proper virus protection lacks real teeth. "Some people will sign anything just to keep a job," said Jeff Duntemann, an author and IT expert based in Colorado Springs, Colo.

Enforcement worth the cost

Duntemann said IT administrators must create strong policies and enforce them, even if it costs more money. Not all costs are easy to quantify, but the new threats make the matter more urgent. "We always insist on controlling the machines used for telecommuting," he said.

Though the arrival of Microsoft's Windows XP SP2 is generating a lot of buzz because of its built-in firewall and other security features, it doesn't really address the problems of enterprise IT, one expert said.

"It nags people to do the right thing, it doesn't force them to do the right thing," said Mike Cherry, an analyst at Directions on Microsoft, a Kirkland, Wash., consulting firm.

At Microsoft's recent Partner Conference, the company revealed intentions to develop Network Access Perimeter, which inspects a PC, or any device, from the moment it enters a firewall. If the machine doesn't have proper virus definitions, it is quarantined, or given limited access, until it can be brought up to date.
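The admission logic the article attributes to the InfoExpress and Microsoft products, and the "managed IT asset only" rule the TVA and the Milwaukee manufacturer adopted, reduce to a small policy decision at the perimeter: refuse devices that are not in the asset inventory, quarantine devices whose virus definitions are stale or unknown, and grant full access only to the rest. The following is an added example of that decision, not code from the article or from any vendor; the asset tags, definition dates, the seven-day freshness limit and the update-server hostname are all constructed assumptions.

```python
"""Added example: a minimal network-admission decision of the kind the article
describes. Every policy value and endpoint record below is hypothetical."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional, Tuple

# Assumed policy: definitions older than 7 days send a machine to quarantine;
# a device missing from the managed-asset inventory is refused outright.
MAX_DEFINITION_AGE = timedelta(days=7)
MANAGED_ASSETS = frozenset({"LAP-0042", "LAP-0107", "WKS-2210"})  # constructed inventory
UPDATE_SERVER = "av-update.corp.example"  # hypothetical host reachable from quarantine


@dataclass(frozen=True)
class Endpoint:
    asset_tag: Optional[str]            # None for a home PC with no corporate tag
    av_definition_date: Optional[date]  # None if no antivirus agent reports in


def admission_decision(ep: Endpoint, today: date) -> Tuple[str, str]:
    """Return (decision, reason); decision is 'deny', 'quarantine' or 'full'."""
    # Rule 1: only managed IT assets may connect at all.
    if ep.asset_tag is None or ep.asset_tag not in MANAGED_ASSETS:
        return ("deny", "not a managed IT asset")
    # Rule 2: a machine that cannot prove its AV state is treated as out of date.
    if ep.av_definition_date is None:
        return ("quarantine", "no antivirus status reported")
    # Rule 3: stale definitions get limited access until brought up to date.
    age = today - ep.av_definition_date
    if age > MAX_DEFINITION_AGE:
        return ("quarantine",
                f"virus definitions {age.days} days old (limit {MAX_DEFINITION_AGE.days})")
    return ("full", "managed asset with current definitions")


def allowed_destinations(decision: str) -> List[str]:
    """Map a decision to the destinations the perimeter device would permit.
    '*' stands for unrestricted access; quarantine may reach only the update server."""
    return {"full": ["*"], "quarantine": [UPDATE_SERVER], "deny": []}[decision]


def evaluate_all(endpoints: List[Endpoint], today: date) -> Dict[str, Tuple[str, str]]:
    """Evaluate a batch of endpoints, keyed by asset tag ('<untagged>' if none)."""
    return {ep.asset_tag or "<untagged>": admission_decision(ep, today) for ep in endpoints}


# Constructed sample: four machines presenting themselves at the firewall.
SAMPLE_TODAY = date(2004, 8, 20)
SAMPLE_ENDPOINTS = [
    Endpoint("LAP-0042", date(2004, 8, 18)),  # managed, definitions 2 days old
    Endpoint("LAP-0107", date(2004, 8, 1)),   # managed, definitions 19 days old
    Endpoint("WKS-2210", None),               # managed, no AV agent reporting
    Endpoint(None, date(2004, 8, 19)),        # home PC, not in inventory
]

if __name__ == "__main__":
    for tag, (decision, reason) in evaluate_all(SAMPLE_ENDPOINTS, SAMPLE_TODAY).items():
        print(f"{tag:10} {decision:10} {reason} -> {allowed_destinations(decision)}")
```

Two design choices are worth noting: an endpoint that reports nothing is quarantined rather than admitted, because silence is exactly what an unmanaged or compromised agent produces; and the quarantine state is given a concrete, minimal destination list, which is what turns the policy statement into something the perimeter device can enforce rather than merely nag about.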

"I think it's the right way to go," Cherry said. "Over time, all organizations will want to do this."
