Identity Management Challenges and Best Practices
Rajan Varadarajan, Thursday, September 24th, 2009
Introduction
With the wide array of web-enabled devices and the increased use of a contingent workforce, identity management has become a major business challenge. The challenge is amplified by disparate security devices and a lack of coordination between them. Simply identifying the user by login credential and the device by its IP address is no longer enough.
Identity enabling the network not only ensures that outsourcers and contractors can access the network resources they need to do what the company hired them for, but also makes sure that these users cannot access sensitive data, which is critically important for the company's long-term competitive advantage. Identity enabling the network also ensures that trusted users behave appropriately and that, in the unfortunate event of an insider breach, proper logs and audit trails are available for forensic experts to examine.
The ideal identity management solution should capture and correlate all the access parameters and provide a holistic view to the security administrator, who can then take an informed decision. Having identity management as the centerpiece also helps the administrator configure policy based on those access parameters.
Challenges
Access Parameters: Access parameters can be classified as follows:
- Who is accessing the network? – Includes the username or network identification of the person accessing the network. Typically this information is captured by the AAA server infrastructure.
- How is the network being accessed? – The ubiquity of web-capable devices makes it important to understand how the network is being accessed. Is it via a laptop or a handheld? Is it a clean system?
It is also important to understand whether the device is a corporate asset or not. To understand the vulnerability of the machine it is important to determine the operating system. Typically, a Windows-based device is more prone to malware and viruses than a Mac or Linux device. This information about the client device helps IT risk managers evaluate the organization's exposure.
- What is being accessed? – It is important to understand which resources are being accessed. With more and more resources being virtualized or moving to the cloud, identifying resources by IP address is not enough.
- Where is the network being accessed from? – Is the user on the office LAN or remote? If the user is remote it becomes critically important to ensure the confidentiality of data. The security administrator must be able to ensure that a secure channel exists between the client and the server.
- When is the network being accessed? – This area is often overlooked by organizations. The time stamp associated with network access helps identify whether the access happens during office hours or not. In particular, personal web browsing during business hours can be very dangerous and could bring the entire network to a halt.
Organizations find it difficult to tie these parameters together into a single, secure identity management system. Sometimes the very organization of the IT department hinders a security administrator's ability to combine these parameters usefully but, more often, it is the lack of coordination among the organization's various security entities that poses the greatest obstacle to identity enablement.
Typically, organizations deploy a firewall and an intrusion detection and prevention system to block unauthorized access and to detect and prevent attacks against a specific host (host-based IDS) or the network (network-based IDS), and an AAA (Authentication, Authorization and Accounting) infrastructure to authenticate and authorize users.
A lack of coordination between these security devices hinders a security administrator's ability to act quickly in case of an attack. Identity enabling the network ensures not only that every person and device accessing the network is identified, but also that the disparate security systems act in a coordinated fashion to thwart attacks.
Industry Implementations
The identity enablement objective can be achieved either by deploying commercial identity management software or by rolling out Network Access Control (NAC).
Software vendors such as Microsoft, IBM, Oracle, Sun Microsystems and Novell offer identity management software that also provides single sign-on (SSO). These products are cheaper, offer deployment flexibility, provide robust SSO functionality and integrate tightly with applications. But they do not provide network visibility, and they make it difficult to mitigate insider threats.
NAC vendors such as Cisco and Juniper offer identity enablement by providing integration among various network elements: firewall, intrusion detection system or third-party network appliances. Cisco has taken the approach of providing NAC APIs to third-party vendors, whereas Juniper is focused on integrating its switch, firewall and IDP product lines. These make it easier to mitigate insider threats, since the network vendor controls all access gateways. For example, a NAC appliance can receive information from the IDP and block the user by dynamically configuring the firewall or switch. They also make it easier to get a top-level view of security status. However, they are costly, provide less deployment flexibility and are vendor specific.
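To make the correlation concrete, here is an added example (not code from the post or from any vendor named in it) of a small policy point that takes the who/how/what/where/when parameters from the Challenges section plus an IDP signal, as the NAC integration above describes, and turns them into a single allow/deny decision with an audit trail. The resource inventory, the business-hours window and the contractor request are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime
SENSITIVE_RESOURCES = {"hr-db", "finance-share"}  # constructed inventory, named rather than IP-based

@dataclass
class AccessRequest:
    """The who/how/what/where/when parameters plus an IDP signal."""
    who: str                 # username from the AAA infrastructure
    device_os: str           # "windows", "mac", "linux", "handheld"
    corporate_asset: bool    # managed device or not
    what: str                # resource name
    where: str               # "lan" or "remote"
    secure_channel: bool     # VPN/TLS in place for remote users
    when: datetime           # time stamp of the access
    idp_alert: bool = False  # intrusion detection flagged this device
@dataclass
class Decision:
    allow: bool
    reasons: list = field(default_factory=list)  # doubles as the audit trail

def business_hours(ts: datetime) -> bool:
    return ts.weekday() < 5 and 8 <= ts.hour < 18  # assumed window: Mon-Fri 08:00-18:00

def evaluate(req: AccessRequest) -> Decision:
    """Correlate every parameter into a single decision instead of judging each alone."""
    d = Decision(allow=True)
    sensitive = req.what in SENSITIVE_RESOURCES
    if req.idp_alert:  # the IDP signal reaches the policy point, as with NAC
        d.allow = False
        d.reasons.append("IDP alert: quarantine device")
    if req.where == "remote" and not req.secure_channel:
        d.allow = False
        d.reasons.append("remote access without secure channel")
    if sensitive and not req.corporate_asset:
        d.allow = False
        d.reasons.append("sensitive resource from unmanaged device")
    if sensitive and not business_hours(req.when):
        d.reasons.append("after-hours access to sensitive resource: audit")
    return d

def audit_line(req: AccessRequest, d: Decision) -> str:
    # One log line a forensic reviewer can correlate later
    return (f"{req.when.isoformat()} user={req.who} os={req.device_os} res={req.what} "
            f"from={req.where} allow={d.allow} reasons={';'.join(d.reasons) or '-'}")

def sample_request(**overrides) -> AccessRequest:
    """Constructed contractor request (not real data); pass fields to vary it."""
    base = dict(who="contractor01", device_os="windows", corporate_asset=False, what="hr-db",
                where="remote", secure_channel=True, when=datetime(2009, 9, 24, 22, 30))
    base.update(overrides)
    return AccessRequest(**base)
```

The same request evaluated parameter by parameter would pass most individual checks; only the correlated view denies it and records why.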
Tags: identity enabling, identity management
Posted in Rajan Varadarajan
What makes e-marketplace run (so well)?
Laxmi Poruri, Thursday, September 24th, 2009
AMZN had another great quarter and it is no surprise. That company is quickly becoming the Walmart of the web. It continues to do a great job selling what our Experts call “new and season” items—things like electronics and media items. In light of AMZN’s success, a lot of people are wondering what can be expected from e-marketplaces going forward.
Consumer psychology in the US has changed—people are saving more and being cautious about what they spend. That bodes well for e-marketplaces. For one thing, where else can you compare prices without driving around for hours at more than $3.50 a gallon? And who wants to hear from their friends that something they bought last week is actually 20% cheaper at another store?
Our Experts tell us AMZN is doing a much better job than before on presenting different options to consumers and that is only going to build on the success they’ve had. Giving consumers the ability to quickly compare prices from numerous sources is a key reason why smart e-marketers (like AMZN) will only garner more traffic and trust as time goes on.
Tags: AMZN, e marketplace
Posted in Laxmi Poruri
Would you vaccinate your son against HPV?
Allison Hsieh, Thursday, September 10th, 2009
Vaccines for Sexually Transmitted Diseases (STDs) are tricky. But it is a business in which Merck and GlaxoSmithKline have invested significant capital, and they presumably expect a large return. Merck's Gardasil has been on the market for about 3 years and targets four strains of human papillomavirus that are linked to cervical cancer. While it is currently approved for girls and women aged 9 to 26, the FDA recommended approval this week for boys and men of the same age range.
It is interesting to see how much impact this potential label expansion will have. Earlier this year, Merck lowered its revenue projections for 2009 to $1.1 billion, and the company is scrambling to grow a market that seems to have reached a threshold. While the company may still be pushing for mandated vaccination, it has reached most of the girls who are likely to be vaccinated. The >$300 cost in this economic environment probably does not help matters either. In addition, the public may be wary of a vaccine that does not yet have long-term data and may have hidden side effects.
When it comes to boys, will parents choose to vaccinate them? Is the risk of genital warts high enough to warrant such an expensive vaccine? Merck is a marketing powerhouse, but preventing genital warts conveys a very different sentiment than preventing cervical cancer. The high cost and lack of long-term data are still issues. Competition from GlaxoSmithKline’s Cervarix will also present a challenge. For these reasons, I think it will be very difficult for Merck to capitalize on a label expansion for boys, especially relative to the amount they invested to carry out these studies and to go through the approval process. Time will tell if they are able to work some magic.
Tags: Gardasil, HPV Vaccine, Merck
Posted in Health Care, Uncategorized
Windows 7 Drives Touch Technology
BN_Tech, Tuesday, September 1st, 2009
The future for touch technology adoption continues upward and to the right, due in part to Windows 7. The new OS from Microsoft – due for release Oct. 22 – incorporates popular multi-touch technology that will "Make New Things Possible," according to the website, including using your fingers to scroll, resize, play media, zoom and pan. Admittedly, the devices themselves will need to incorporate large touchscreen displays and, currently, such displays are a little too expensive for most consumers. However, expect pricing for those displays to decline over time. Come late third- or early fourth-quarter 2010, I think attach rates start to climb.
From a hardware perspective, not much changes with regard to touchpad and multimedia key modules unless PC manufacturers decide to increase module dimensions. Nor do I expect current touch module suppliers to encounter any new competitive threats, although some share shift may occur among suppliers as price negotiations continue.
Tags: touch technology
Posted in Technology
