We've said it before and we'll say it again: You will never have a totally secure network. The best you can hope for is that your security strategies will minimize exposure to attack, and if you are hit, the damage can . . .
We've said it before and we'll say it again: You will never have a totally secure network. The best you can hope for is that your security strategies will minimize exposure to attack, and if you are hit, the damage can be contained. Plenty of point products are available to help eliminate avenues of attack. Firewalls, VPNs, SSL, host- and network-based IDSs (intrusion-detection systems), and virus scanners all bar entry points. Encryption protects data in storage and in transit. But none of these technologies helps you let only authorized users in, only where they should be. Authentication is where this starts, and access control and accounting close the loop.

Access control and accounting are possible only if authentication takes place, but without all three processes, you can't implement a policy that stipulates who can access what, when, where and how, nor can you track who did what, when, where and how. Authentication--matching a user ID to an individual--is fundamental to security. Without knowing for sure that a user really is who he says he is, all your efforts toward access control and accounting are worthless.

The link for this article located at NetworkComputing is no longer available.