With automated network access control, policy enforcement can become a pillar of network security, an attractive proposition as network perimeters stretch to incorporate clients in far-flung locations. The idea is to let client software communicate with the router to enable or disable network access. Centralized control of security packages will let managers build a rational system that can keep malicious code outside the perimeter.
Both the Intel and AMD CPU permission-bit technology and NAC extend the trust relationship from systems down to individual software and hardware components. Malicious code is kept from the CPU, while client systems must be configured to be considered trustworthy.
Two large issues loom. First, both NAC and CPU permission-bit technology require upgrades to systems and applications--the protection isn't automatic. Second, having closed these doors, organizations could face other vulnerabilities--attackers may shift their attention to Web applications and databases.
Cisco, AMD and Intel--along with their software partners--have created a compelling road map for improving security. Following the map will involve significant development and deployment challenges for both vendors and IT organizations, but these are steps in the right direction.
Discover the benefits of scalable backbone and network services for application and cloud providers.
Network automation is gaining momentum. Here's how you can drive this powerful technology to its full potential.
Subsea cable alternatives can provide a level of comfort for those concerned about disruptions. Realistically, they will continue to play a small, but critical role in the short term.
