Network security: A practical approach by Ilan Meller

a single common thread: In each case, the hacker has to overcome the obstacle presented by the user name and password. Imagine what would happen, for example, if hackers could not find an available user account for their own use? What good would it do the hacker to access the LAN if he is unable to clear the last hurdle?

A security solution based on this very hurdle was created by Made4Biz Security. The solution, Dynamic Security, adds a layer of location-based security to the network, and uses it to dry up the pool of user accounts available to a hacker. Dynamic Security bridges physical access control and logical access control, in the process implementing a security policy that was not previously practicable.

Dynamic Security addresses security issues which have been largely overlooked. For example, there is no point in allowing an employee remote access to the organizational network when the employee is physically present in the work place. Another example: There is no point to allowing two accounts of the same employee to access the network simultaneously from different places. It is clear, after all, that if the employee is one place he or she cannot possibly be at another place at the same time.

These examples are only two illustrations of the many capabilities supported by Dynamic Security — capabilities which are generated intrinsically by employing location-based and time-based security.

Typical ID management (IDM) system deals with an employee on only three occasions: on hiring, promotion, and termination of employment. This implementation of IDM systems, limited as it is, costs the organization a great deal of money, but nonetheless leaves the organization exposed to the evils of user management. A European bank learned that lesson recently when it fired an employee from its Boston branch on a Thursday. The fired employee was accompanied to his desk to collect his private belongings and then was sent home. As soon as he was fired, the IDM went into action and cancelled all of his authorizations. On the following Saturday, the former employee showed up at the bank’s office and told the guard he forgot his pass card at home. The guard, who knew him, let him into the office, “as a personal favor.” The ex-employee knew where to find the hidden password of his peer, used it to enter the network, and sent large amounts of confidential data to his own private e-mail address. When he was done with his caper, he thanked the guard and left.

Even though the IDM system worked perfectly in this case, it did not protect the organization from sabotage by the disgruntled employee. Dynamic Security closes such breaches automatically because the account of an employee who is not physically at the place of work (recall that the fired employee used the password of collegue who was at home at the time) would never have been available.

Dynamic Security can be implemented in a few days, and it offers benefits to the organization already by the end of the first installation day. Tom Bakker, IT Security Manager of the Delta Lloyd insurance company says, “For years we we’re accustomed to working with hard to implement security systems, but Dynamic Security has changed all that. Its polite implementation methodology is easy and rapid, while its benefit is invaluable.”

We have not touched on the dangers resulting from the actions of inside jobs and many other exposures which are handled by Dynamic Security. More about that will follow in another article.

Ilan Meller is CEO of Made4Biz Security