Security Basics: Managing the Threat Part 4

(Network Access Control and Gateway Protection)

In previous blogs we talked about the need to educate end users, knowing the details of what activity is occurring on your network, and managing the threat through compliance. In part 4, we're going to talk about protecting your network and web/email traffic.

First let's talk about Network Access Control. Most enterprises have widespread networks across multiple locations with hundreds or thousands of network ports at each. Protecting these networks gives you peace of mind that a rogue machine will not get on the network and potentially capture data or cause disruptions. Another way to think of this is network endpoint compliance: compliant machines get access to the network.

There are multiple ways to do Network Access Control (NAC), both directly, involving the endpoint and its components, and indirectly, using only network switches to control access onto the network. Each deployment method has advantages.

If you do endpoint-based NAC, a small agent is loaded on the system, either resident software on the endpoint or a dissolvable agent for machines that your enterprise can't directly manage. A series of checks defined by the administrators is then run to ensure that the endpoint has the minimum level of security required to get admission to the network. This gives the benefit of having the actual client handle the checks rather than a remote server that may not have proper privileges on the endpoint.

Using network device based NAC, the actual admission to the network is handled by opening and closing the port that the endpoint is attached to, wired or wireless, or by switching VLANs to a quarantined network. This gives an additional layer of protection by stopping the physical connection of rogue or out-of-compliance endpoints from attaching to your network.

Some examples of widely used Network Access Control checks:
  • Antivirus running and definitions updated in last 2 weeks.
  • Firewall running.
  • Client Hard Drive is encrypted.
  • Endpoint Management processes running. ([Altiris], [Desktop Authority], [Bladelogic])
  • Certain Registry keys present and version set.
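As an added example, not code from the original post or from any vendor's NAC product, here is a small posture evaluator that applies the checks listed above to a constructed endpoint report and maps the result to a production or quarantine VLAN. The process name, registry key, VLAN numbers and dates are assumptions; the 14-day definition age comes from the list.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Policy values: the 14-day limit is from the post, the rest are hypothetical.
MAX_DEFINITION_AGE = timedelta(days=14)
REQUIRED_PROCESSES = {"mgmt_agent.exe"}  # hypothetical endpoint-management agent
REQUIRED_REGISTRY = {r"HKLM\SOFTWARE\ExampleCorp\Baseline\Version": "3"}  # hypothetical
PRODUCTION_VLAN, QUARANTINE_VLAN = 10, 999  # hypothetical VLAN ids


@dataclass
class Posture:
    """What the endpoint agent reports back before admission is decided."""
    hostname: str
    av_running: bool
    av_definitions_date: date
    firewall_running: bool
    disk_encrypted: bool
    processes: set
    registry: dict


def evaluate(p: Posture, today: date) -> list:
    """Return the names of the listed checks that this endpoint fails."""
    failures = []
    if not (p.av_running and today - p.av_definitions_date <= MAX_DEFINITION_AGE):
        failures.append("antivirus running with definitions updated in last 2 weeks")
    if not p.firewall_running:
        failures.append("firewall running")
    if not p.disk_encrypted:
        failures.append("client hard drive encrypted")
    if not REQUIRED_PROCESSES <= p.processes:
        failures.append("endpoint management processes running")
    if any(p.registry.get(k) != v for k, v in REQUIRED_REGISTRY.items()):
        failures.append("required registry keys present and version set")
    return failures


def admission_decision(p: Posture, today: date) -> dict:
    """Any failed check sends the port to the quarantine VLAN, else production."""
    failures = evaluate(p, today)
    return {"hostname": p.hostname,
            "vlan": PRODUCTION_VLAN if not failures else QUARANTINE_VLAN,
            "failures": failures}


# Constructed sample reports: one compliant host, one with stale AV and no agent.
TODAY = date(2024, 1, 15)
COMPLIANT = Posture("ws-01", True, date(2024, 1, 10), True, True,
                    {"mgmt_agent.exe", "explorer.exe"}, dict(REQUIRED_REGISTRY))
STALE = Posture("ws-02", True, date(2023, 12, 20), True, True, set(), dict(REQUIRED_REGISTRY))
```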
There are two types of protection you can deploy to protect your network from threats. First is protecting your enterprise from junk email, commonly referred to as spam. Symantec is the market leader in this space with two products: the Symantec Messaging Gateway powered by Brightmail, previously the Brightmail Gateway, and the Symantec Web Gateway.

Symantec Messaging Gateway delivers inbound and outbound messaging security, with effective and accurate real-time antispam and antivirus protection, advanced content filtering, data loss prevention, and optional email encryption. Messaging Gateway is simple to administer and catches more than 99 percent of spam with less than one in a million false positives. With Messaging Gateway defending the email perimeter, organizations can effectively respond to new messaging threats, minimizing network disruption, preserving employee productivity, and protecting company reputation. Messaging Gateway leverages real-time automatic antispam and antivirus updates from the Symantec Global Intelligence Network, on-box connection throttling using both global and self-learning local IP reputation, and comprehensive reporting, allowing administrators to focus on the overall security posture of the organization while effectively reporting status to key executives and management. Advanced content filtering, data loss prevention, and email encryption help organizations control sensitive data, reducing the risks and costs associated with data loss while at the same time meeting regulatory compliance and corporate governance demands. Messaging Gateway is available as both a physical appliance and a VMware-certified virtual appliance, enabling organizations to easily add capacity to keep messages flowing in the face of growing spam volume.
Symantec Web Gateway is an innovative Web security gateway appliance that protects organizations against Web 2.0 threats, including malicious URLs, spyware, botnets, viruses, and other types of malware, and provides controls for Web and application use. Backed by the Symantec Global Intelligence Network, the Symantec Web Gateway is built on a scalable platform that quickly and simultaneously scans for malware and inappropriate Web content, ensuring that organizations can maintain the critical up-time and employee productivity that can suffer when organizations come under attack. Symantec Web Gateway is built on a real-time inspection engine that scans traffic on-the-fly, without the delays associated with proxy-based architectures. On top of this real-time engine, Symantec Web Gateway adds multi-layer defenses to block inappropriate or malicious websites, active content, applications, file downloads, "phone home" traffic, and attacks.

To review, [educating the end user], [monitoring your network closely], [enforcing endpoint security policy], and protecting your network from malicious traffic are key items that allow administrators to focus on other projects and items that make them more efficient in their daily duties.