Secure against rogue devices
Communications News, July, 2007 by Joel Riciputi
Are there rogue devices connected to your network that could expose confidential data or critical assets? Discovering everything that is on the network, accurately classifying all of the devices, monitoring for changes, and providing automated remediation are key building blocks to helping organizations regain control and solve the rogue device problem.
Two of the most common and dangerous threats come from the proliferation of wireless networking in the form of rogue access points and rogue peers. A rogue peer is an end-user computer, usually a laptop, that has both bridging and wireless enabled. Since the basic functions of an access point are bridging and wireless access, any laptop that has these capabilities enabled presents a similar vulnerability or worse. In fact, the vulnerability with a rogue peer can be much more severe than with a rogue AP because laptops provide almost no security features to prevent connections from other unauthorized users.
With the network appliance-scanning approach, a combination of passive and active techniques is used for discovering devices, because both are needed to discover all of the devices. Passive techniques place the least load on the network and also help the system discover the network topology, but some devices may not communicate frequently.
Active techniques work more quickly and are less dependent on the network topology. All of the information that is discovered is used to form a basic picture of the network and, most importantly, a detailed list of every device that is connected to it.
The second step is to quickly home in on the devices that meet the criteria of being a threat. Solutions using a wired-side scanning approach collect as much information about each device as possible. Once the basic device mapping is complete, additional probing is used for classification. The system then combines the information and matches the data against known device signatures to determine which signature matches best.
Being able to classify every device on the network has an impact on the accuracy of the system, especially in the reduction of classification false positives. If the classification engine can confidently determine that a device is not an AP, then it can be ruled out as a threat.
The major challenge for device classification has been in creating a database of fingerprints for all the available devices. New collaborative classification techniques are now available for building the classification database. This process leverages the network effect and the collaboration of thousands of network administrators and networks to build and maintain up-to-date profiles of millions of devices.
One method to achieve this is through an open source scanning agent that uses collaborative classification to look up and identify the device type and its identity in real time. Identified devices are then included in a database. All data collected in the database can be anonymously stored and made available to customers that leverage the network security appliance.
The final step in solving the rogue device problem is remediation. The wired-side solution approach mitigates rogue wireless devices through the technique of Ethernet port disabling. Enterprises can leverage configuration capabilities for auto blocking a particular device type. Whether automatic or manual, the product will block the switch port for any rogue wireless device.
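The classify-then-remediate flow described above can be sketched as follows. This is an added example, not code from the article or from any product it describes; the signature attributes, the confidence threshold, the per-type auto-block policy and the decision names are all assumptions made for illustration.

```python
# Constructed signature database (attribute -> expected value); not real fingerprints.
SIGNATURES = {
    "access_point": {"oui_class": "wlan_vendor", "http_banner": "ap_admin",
                     "bridging": True, "wireless": True},
    "rogue_peer_laptop": {"oui_class": "pc_vendor", "os": "desktop",
                          "bridging": True, "wireless": True},
    "workstation": {"oui_class": "pc_vendor", "os": "desktop", "bridging": False},
    "printer": {"oui_class": "printer_vendor", "open_port_9100": True,
                "bridging": False},
}
WIRELESS_THREATS = {"access_point", "rogue_peer_laptop"}
AUTO_BLOCK_TYPES = {"access_point"}   # hypothetical per-type auto-block policy
MIN_CONFIDENCE = 0.6                  # assumed threshold

def merge(passive, active):
    """Combine both observation sets; active probe results win on conflict."""
    return {**passive, **active}

def score(observed, signature):
    """+1 per confirmed attribute, -1 per contradiction, 0 if unobserved."""
    total = 0
    for attr, expected in signature.items():
        if attr in observed:
            total += 1 if observed[attr] == expected else -1
    return max(total, 0) / len(signature)

def classify(observed):
    """Return (best_matching_type, confidence) across all signatures."""
    best = max(SIGNATURES, key=lambda t: score(observed, SIGNATURES[t]))
    return best, score(observed, SIGNATURES[best])

def decide(passive, active):
    """Map a device's observations to a remediation decision."""
    device_type, confidence = classify(merge(passive, active))
    if confidence < MIN_CONFIDENCE:
        return device_type, "probe_further"   # too little data to rule in or out
    if device_type not in WIRELESS_THREATS:
        return device_type, "allow"           # confidently not an AP: ruled out
    if device_type in AUTO_BLOCK_TYPES:
        return device_type, "disable_switch_port"
    return device_type, "alert_for_manual_block"

if __name__ == "__main__":
    # Constructed observations for one device: passive sniffing, then active probing.
    print(decide({"oui_class": "wlan_vendor"},
                 {"http_banner": "ap_admin", "bridging": True, "wireless": True}))
```

A device seen only passively falls below the threshold and is queued for more probing instead of being blocked or cleared, which is where the reduction in classification false positives comes from.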
Joel Riciputi is director of product and corporate marketing for Network Chemistry, Palo Alto, Calif.
For more information: rsleads.com/707cn-258
COPYRIGHT 2007 Nelson Publishing
COPYRIGHT 2008 Gale, Cengage Learning