CrossNodes Briefing: Network Security Suites - Page 2
For critical and sensitive data, most IT managers implement some level of encryption. As much as companies may want encryption, it adds another layer to the communications process. Most data being transmitted does not require secure handling, and some IT managers do not invoke encryption every time it is appropriate. IT managers need to evaluate the data they send and store to assess the risk it presents. Some managers will determine that they have no need for complex encryption systems. Others will discover a new vulnerability and move quickly to introduce encryption to their public and private networks.
New Technologies Breed New Challenges
With the advent of mobile computing, networks face a new security threat. IT managers no longer control the boundaries of the network. For this reason, IT managers should ensure that any network security suite supports mobile code checking.
Similarly, Virtual Private Networks (VPN) can represent a unique risk because of the tunneling that VPNs support. Several network security suites and firewalls provide protection for these types of connections.
IT managers should consider the following key factors when evaluating network security suites:
- Graphical user interface: This permits operators to easily monitor and adjust the firewalls parameters. A strong interface also should support the other components of the network security suite.
- Configurable alert levels: The operator should be allowed to customize alert levels, so that the operator can filter out common false alarms and focus on potentially dangerous intrusions.
- Viewable operation status: This feature provides the operator with a real-time display of traffic, and allows the operator to intervene in the case of intrusions.
- Event history: All events involving the firewall and exceptions caught by the virus checking software should be logged. Event histories can be used to enhance security.
- Intrusion source tracing: The firewall software captures the address of any workstation that attempts an unauthorized access. The operator can use this to block traffic from that address.
- E-mail/pager alert: The security software generates an e-mail message or pages the operator if the firewall detects an illegal attempt to access the network.