Five important security risks invisible to the network

Source: Internet
Author: User

The current network is largely opaque to IT. As Gartner and other market research companies have pointed out, IT does not know which users are on the network, and it knows little about application communication on the LAN.

In fact, IT ultimately relies on encryption tools to replace user data and application data. However, these tools are rarely used to associate information with real-time communication.

The network has been unaware of users and applications for a long time, but this blind spot has now become a problem: changes in business behavior significantly change the level of risk. On the one hand, enterprises now need to host more users, many of them people from outside the enterprise, and these users run more and more applications. On the other hand, enterprises need these changes to increase productivity, and they need to work with partners and contractors to complete projects effectively. New applications usually promote higher levels of collaboration among employees. The key, therefore, is that the IT department should allow these productive practices without compromising the security of the organization's digital assets or reducing employee productivity.

What risks can the IT department avoid by improving its identity recognition, application visibility, and network control? The following are five such security risks:

1. Improper behavior of applications (or personnel): Banks are often under the impression that transactions on ATMs use an SSH (Secure Shell) encrypted channel. After gaining visibility into the applications on the network and observing application flows, they noticed a large number of Telnet (remote login) sessions and tracked them to the ATMs. They learned that these sensitive transactions, which contain customers' financial and personal data, were being performed in the clear over Telnet rather than encrypted over SSH.

2. Who is visiting which websites: Correct billing matters for any business that charges its customers. A call center that bills by time needs to serve incoming calls. The billing cycle is counted from the moment a call enters the call center queue, even while the customer is waiting. A study of all major applications in a call center showed that a large number of game websites were being accessed. This indicates that playing games is one of the reasons some employees delay answering calls, which increases the customer's fees. By associating website access with a user name, the enterprise can eliminate this waste of customers' time and resume accurate billing.

3. The port 80 problem: People generally use this term to describe the many applications that run over port 80. Although this traffic looks the same as web traffic, more and more applications now use this L4 port. Consider cloud-delivered applications used through a web browser, such as Oracle's or SalesForce.com. Port 80 no longer tells you anything. In fact, applications running on L4 ports may bring risk to organizations. Some software vendors believed they had successfully disabled eDonkey (a peer-to-peer file-sharing program) by shutting down its known ports on the perimeter firewall. Once they were able to inspect LAN applications in detail, they saw that eDonkey was still widely used, putting their source code at risk.

4. The IP address is not the same as the user: Using an IP address as a proxy for the user can also put the enterprise at risk. The IT department usually relies on a table to track addresses and associate them with user names. In one case, an enterprise's table indicated that an IP address belonged to a vswitch port that also served many other management devices, and a policy stipulated that only the relevant management applications could use that port. Imagine what happens when a policy violation occurs. By viewing detailed traffic flows, they could identify the "sender" as a user rather than a switch. In such a situation it is easy to create duplicate IP addresses and network loops, or to group users incorrectly and accidentally grant access to sensitive financial data. Only when IP addresses are closely monitored can an organization know who is doing what on the network.

5. Illegal downloads: Linking streaming media downloads to individual users is critical not only to maintaining productivity (and server space), but also to complying with regulations. Any organization in which illegal downloading takes place will eventually be held legally liable. The MPAA and RIAA insist on strict action against copyright infringement. By tying download traffic to a specific user, the IT department can find the user and reiterate the Internet use policy.

In general, business behavior changes very quickly, and the IT department must associate network traffic with user names. This is important for implementing access policies, implementing mandatory management, complying with regulatory requirements, meeting industry audit requirements, and ensuring staff productivity. Visibility into the LAN is essential for IT departments that want to control what users can do on it, because you cannot control what you cannot see.

Therefore, for the sake of data protection, employee productivity, simplified IT operations, and individual jobs, the IT department should find ways to know more accurately the identity of the users on the LAN and all the applications in use. Whichever mechanism is used, IT departments can benefit from identity-based user and application control.
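The following sketch ties together risks 1, 3 and 4 above: it names the application from flow content rather than from the port, resolves the source IP to whoever held it at that moment, and reports policy violations per user. It is an added example, not part of the original article; the record layouts, addresses, user names and the `POLICY` table are constructed assumptions.

```python
from collections import namedtuple
from datetime import datetime as dt

# Assumed record layouts: an IP-to-user lease (e.g. parsed from DHCP or
# 802.1X logs) and a LAN flow record carrying its first payload bytes.
Binding = namedtuple("Binding", "ip user start end")
Flow = namedtuple("Flow", "ts src dst dport payload")

def classify(payload: bytes) -> str:
    """Name the application from content, so the port number is never trusted."""
    if payload.startswith(b"SSH-"):
        return "ssh"
    # Telnet opens with IAC (0xFF) + WILL/WONT/DO/DONT (251-254) + option
    if len(payload) >= 3 and payload[0] == 0xFF and 251 <= payload[1] <= 254:
        return "telnet"
    if payload.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT"):
        return "http"
    return "unknown"

def user_at(bindings, ip, ts):
    """Resolve who held `ip` at time `ts`; None if nobody or more than one did."""
    users = {b.user for b in bindings if b.ip == ip and b.start <= ts < b.end}
    return users.pop() if len(users) == 1 else None

def audit(flows, bindings, policy):
    """Return (time, who, dst, dport, app) for flows whose app the policy forbids."""
    findings = []
    for f in flows:
        app = classify(f.payload)
        if f.dst in policy and app not in policy[f.dst]:
            who = user_at(bindings, f.src, f.ts) or f"unattributed:{f.src}"
            findings.append((f.ts.isoformat(), who, f.dst, f.dport, app))
    return findings

# Constructed sample data (not from the article): an ATM that must only see SSH.
POLICY = {"10.0.5.20": {"ssh"}}
BINDINGS = [Binding("10.0.1.7", "alice", dt(2024, 1, 8, 8), dt(2024, 1, 8, 12)),
            Binding("10.0.1.7", "bob", dt(2024, 1, 8, 12), dt(2024, 1, 8, 18))]
FLOWS = [Flow(dt(2024, 1, 8, 9), "10.0.1.7", "10.0.5.20", 22, b"SSH-2.0-OpenSSH_9.6\r\n"),
         Flow(dt(2024, 1, 8, 10), "10.0.1.7", "10.0.5.20", 23, b"\xff\xfd\x18"),
         Flow(dt(2024, 1, 8, 13), "10.0.1.7", "10.0.5.20", 80, b"\xff\xfb\x01"),
         Flow(dt(2024, 1, 8, 14), "10.0.9.9", "10.0.5.20", 80, b"GET / HTTP/1.1\r\n")]

if __name__ == "__main__":
    print(*audit(FLOWS, BINDINGS, POLICY), sep="\n")
```

The same source address yields two different users depending on the time of the flow, and the Telnet session on port 80 is still reported as Telnet.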
