Four key steps to secure converged networks

02 July 2010

The increasing convergence of multiple networks for voice, data, video and other services onto a single infrastructure based on Internet Protocol (IP), has the potential to leave serious gaps in security according to the Information Security Forum (ISF). Driven by the promise of reduced costs and increased flexibility, network convergence can expose organisations to unknown or unmitigated threats from malicious or malfunctioning infrastructure, devices and services. In addition, these problems are compounded if migration is not properly planned, structured and documented, says the ISF.

The new research from the ISF identifies the potential risks and rewards of convergence and details four key steps to secure converged networks.

“By integrating separate networks onto a common IP infrastructure, organisations are able to reduce duplication, make greater use of resources, simplify management and quickly introduce new services,” said Gary Wood, author of the ISF research. “In addition to voice and data that are widely associated with network convergence, other services and devices are being converged; from video conferencing and building monitoring, to ATM machines, factory machinery, warehouse vehicles and networked TV.”

“While the business case for convergence is compelling, information security professionals are faced with protecting merged networks that may consist of thousands of different devices and services based on a protocol that has little inherent security functionality,” explained Wood.

The ISF identifies four specific tasks to help organisations secure converged network services:
1. Protect core network services and infrastructure from malicious attack, accidental mis-configuration and equipment failure.
2. Authenticate and authorise users, devices and services to manage and restrict access to the converged network.
3. Create and implement a protection framework for end-point devices that can no longer rely on the network for protection.
4. Protect and manage services using the converged network using technologies such as encryption and virtual LANs.

“Convergence is shifting protection towards the devices, services and data itself with the network providing little more than guaranteed availability,” said Gary Wood. “While IPv6 does go some way to address these challenges, it is still not widely implemented in many organisations largely due to its complexity and incompatibility issues. Converged networks clearly offer considerable benefits but securing them requires a planned joint approach from network operations and IT departments to facilities and senior management and business users.”

The ISF briefing report on Network Convergence is available to ISF members.

Print version | email this to a friend Email to a friend | View other articles