Today, we continue our conversation with Jens Lucius, QA manager and trainer at NCP engineering, about the ESUKOM project, an initiative that aims to develop a real-time security solution for enterprise networks based on the correlation of metadata. As a core member of the project, NCP has also compiled a technical paper on it.
Q: NCP’s hybrid IPsec / SSL VPN gateway allows network administrators to block unauthorized VPN clients and supports the Trusted Computing Group’s (TCG) IF-MAP protocol. What’s the ultimate end-user benefit for this?
Jens: The network security right now is very static and mostly does not have the ability to act on information in real time. Fixed defined access lists (mostly even distributed on several access systems) and security violation reporting based on e-mail or web reporting are the standard right now. Not all companies can afford a 24/7 administrator on standby for security problems.
Now we’re trying to change that: intrusion detection systems, firewalls and VPNs or even door access systems are able to talk to each other and contribute to a real-time representation of the network. Companies using IF-MAP are able to receive more information about the status of their network and do enforcement based on that. The NCP VPN solution acts not only as a provider of information gathered from a user’s VPN access, but also can do enforcement based on that.
For example, an intrusion detection system could detect a security breach originating from a VPN user, report that to the IF-MAP Server and the NCP VPN solution will shut down or limit the VPN access for that user. No need for time-costly interaction of an administrator (and time is of the essence in case of an attack). Also, automation of security enforcement can help take the load off the network administrator, whose task will get more taxing with the increase of mobile workers and their demands. Of course, automation has to be carefully weighed against the possibility of false positives.
Another benefit is the possibility to do single sign-on or federation with other security systems based on a common standard — and not proprietary protocols. Federation, for example, has already been successfully tested with Juniper at the last TCG Plugfest.
Stay tuned for Part 3, in which we talk to Jens about the VOGUE project.