Guests, contractors, vendors, business partners, and other temporary users require and expect a certain level of network access within organizations that they visit. Corporate network access has been typically open; internal LAN connections have seldom required authentication. Today, however, regulatory and other security concerns demand that organizations adopt a more secure posture towards these short-term users.
Secure Network Access for Contractors, Business Partners and Guests
Executive Summary

Guests, contractors, vendors, business partners, and other temporary users require and expect a certain level of network access within organizations that they visit. Corporate network access has been typically open; internal LAN connections have seldom required authentication. Today, however, regulatory and other security concerns demand that organizations adopt a more secure posture towards these short-term users.

The best approach to solving the guest user problem leverages an organization's existing network infrastructure and enforcement devices to prevent significant overhead or cost. This is especially critical for authenticated networking since solutions must span multiple forms of network access including remote-access, wired, and wireless. If not managed carefully, guest management can become a costly proposition for many organizations.

For enhanced security, a powerful system must ensure that those with access to the network are authorized, not just authenticated, with only the rights they need. Delegated administration reduces IT burden and increases responsiveness of guest management, while giving IT complete control and audit capabilities.

Before wireless access, laptops, and DHCP, it was common to use the network to segment access according to user role. Firewall rules could use the static IP address of a user's 30-pound desktop to ensure that machine's user had access to the appropriate resources. For all intents and purposes, this was as good as writing a rule based on the identity of the user herself. In recent years, mobility has relegated the network to a second-tier role from a security perspective.

Authenticating the user at the network connection itself is quite easy with dial-up and VPN. For LAN access, the picture is quite different. Physical access to the building is often used as a proxy for a valid authentication. Anyone in the building, regardless of his or her role, can plug in a device with an IP stack and connect.

Unfortunately, this trend towards all-or-nothing access has occurred at the exact time that the types of network users and the ways they connect are becoming more diverse. Short-term or "guest" users are using this open LAN connectivity to access corporate data and applications to complete assignments or retrieve information. On the whole, that's not a bad thing. Network utility and value have grown and the constituents are able to derive value from it. The security reality of this increased connectivity is far less desirable.

Open networks force applications to shoulder the burden of security. Traditional network firewalls and intrusion prevention devices still serve a role, but as more application traffic is encrypted and as users are more apt to change their IP addresses, their utility is growing more suspect. Networks and data are hardly secure if anyone is allowed to knock on the front door of a critical application with impunity.

Just like a corporation badges its doors, activates alarms and employs security guards to guard its buildings, it is only common sense that multiple defenses are needed to secure its network. Beyond the intuitive hypothesis of multiple layers of defense lies a far less ambiguous admonishment of open networks--audit and regulatory requirements.

In a heavily regulated world, chances are SOX, HIPAA, PCI, GLBA, DMCA, CALEA, FISMA or other mandates apply to most organizations and networks. Compliance with these regulations usually requires audited network access. Auditors are interpreting some of these regulations as mandating authenticated networks so that access can be traced based on time of day, user or even network destination.

The heightened security requirements couldn't have come at a worse time for organizations. IT spending and budgets have been on the decline for the last several years. This is especially critical for authenticated networking since solutions must span multiple forms of network access including remote-access, wired, and wireless. If not managed carefully, guest management can become a costly proposition to many organizations. The best approach to solving the guest user problem leverages an organization's existing network infrastructure and en...