With the ever-growing concerns surrounding the protection of enterprise computing assets, the typical IT operations manager or IT administrator is increasingly being tasked with managing the security within their environment. On top of having to worry about their traditional IT management stewardships, they now face an array of new challenges that include keeping endpoints secure, dealing with infected machines, enforcing compliance, preventing the proliferation of malicious code, and more. This white paper examines how the network access control capabilities of LANDesk Trusted Access available within LANDesk Security Suite help organizations protect and secure their enterprise networks at their endpoints to reduce malicious attacks and the resulting downtime, lost productivity, and lost revenues.
Introduction: Unsecured Endpoints = Huge Vulnerabilities
While traditional IT security models have focused on making the network perimeter immune to malicious attacks, today's perimeter is getting more difficult to define and defend. And unlike yesterday's threats that depended on the actions of users for transmission, today's tactics infect entire networks without any user involvement. What's more, users with authorized access to computing resources pose more danger than those who must breach a perimeter firewall to get inside the network. Why is this so? Computing endpoints such as laptops, desktops, PDAs, and other mobile devices in use across the continent or the corporate campus are always in vulnerable states and susceptible to malicious infection. They may be missing critical OS or application patches or anti-virus software. Perhaps signature files are out of date or a personal firewall is missing or misconfigured.
Yankee Group Research, Inc., reports that mobile computing is growing steadily, with the number of employees with remote access increasing from 5% in 2003 to 34% in 2004. It's no secret that there are many more remote users, platforms, and access methods; more connections to customers, partners, and suppliers; and more desktop, laptop, handheld, and phone types. Internally borne security threats such as spyware, worms, Trojans, backdoors, keyloggers and other malware are on the rise. So are new tactics. If you have malicious intentions, why try to penetrate firewalls or application gateways when you can slide in on the coattails of trusted users?[1]
Common harmful scenarios could include:
- An occasionally connected corporate laptop is corrupted with a worm and infects the internal network when it connects
- An employee's mobile device connects via a corporate Ethernet port and infects the network
- An infected contractor's laptop contaminates the network when it is allowed unchecked access
And with these scenarios comes downtime. As reported by Martin Courtney in the January 12, 2005 issue of IT Week, a survey last year of 80 large U.S. companies conducted by analyst firm Infonetics indicated that these businesses averaged 501 hours of network downtime per year, costing them nearly four percent of their revenue, totaling millions of dollars. Courtney also reported that in separate research, analyst firm Gartner estimated the hourly cost of network downtime for large corporations was $42,000, "with a typical business experiencing an average of 87 hours of downtime a year, resulting in total losses exceeding $3.6 million."
Mechanisms that limit loss and damage from these scenarios include both proactive solutions that only allow connection by computers that are judged to be safe, and reactive solutions that detect the actions of a malicious computer and quickly isolate it from the rest of the network. A combination of the two strategies will be required to meet the demands of future threats.
Intrusion Prevention by Any Other Name
Once infected endpoint devices attach to the internal network, worms can infect vulnerable internal PCs and Windows servers within minutes. Because there will always be some internal PCs and servers that are in vulnerable states, security policies need to be enforced before network connections are established. Often called "scan-and-block," "quarantine technology," or "sandboxing," network access control is intended to bar corrupted systems from gaining network access and will protect corporate resources from connected systems that become corrupted.