Technology Positioning Statement Report

6.1.8 Network-layer and Physical-layer Security Technolologies

Description: Proactive security software and hardware to monitor local area networks for intrusion, audit for vulnerabilities, and manage access policies.

Category: 6 - Networks   Subcategory: 1 - Enterprise Networks
Old Category: Security Transport and Network

Vision

RetirementContainmentCurrentTacticalStrategic
     

Standards

Industry UsageSC Usage
  

Performance Metrics

Security, reliability, managability, speed, packet size overhead, ability to work with firewalls.


Usage and Dependencies

Industry Usage: No widespread standards exist. Numerous proprietary products are available. Firewall technology is less helpful in the SC multiple-points-of-access environment, and it cannot offer any intrusion protection or monitoring against non-SC entities with legitimate access to the DOE Headquarters network. Software add-ons are improving capabilities. Capabilities are not keeping up with Internet-based access demands. Security attack methods are increasingly sophisticated.

For wireless LANs, "CDMA (Carrier Distributed, Multiple Access) is the most secure wireless technology. However, since the transmissions of the other major digital standards are securely encrypted, clients should not make call security one of the primary selection criteria when selecting a nationwide wireless carrier. Giga recommends that all clients entirely avoid analog technology and transition all current analog users to digital networks." --Which Wireless Technologies Are the Most Secure?, Weston Henderek, Giga, Feb. 22, 2001.

Last year saw the immense growth of extranet-related initiatives around the world. 2001 will be a year of further growth and increased pressure to build secure and reliable extranet architectures. As a result, technologies will be selected based on how well they meet urgent business requirements of authenticating remote users, authorizing them to target resources like Web applications and data sets, and administering and auditing disparate user populations and various target platforms.

That interest will cause organizations to put the brakes on public key infrastructure (PKI) implementations, while managed security services and privilege management products will see the most dynamic growth.

Organizationally, there will be further breakthrough toward a security program that is managed outside of IT a critical development for the success of extranets. And more and more people and policies will be recognized as the primary security focus, rather than technologies. -- Security Trends for 2001: Extranets Turn Up the Heat, Steve Hunt and Jan Sundgren, Giga, Jan. 2, 2001.

SC Usage: SC will comply with the security requirements of the SC Cyber Security Protection Plan (SCPP). SC is building a system of continual monitoring of all major network components, with 24-hour 7-days-a-week monitoring of network activities and plans in place for 24-hour 7-day monitoring of data traffic and of network server operations. IP addresses are dynamically allocated DHCP (implemented in FY 1999), which now permits dynamic address allocation.

SC has no responsibility for the Firewall - the proxy server no longer exists and will be eliminated altogether in the first half of 2001. Genuity is the firewall maintainer for DOE.

SC Application Impacts: Any application with proprietary information-sharing considerations.

Last Update: Valid Until:
4/12/20015/12/2001

References

-


List all Categories

Administer the Database