Network administrators are being called on to effectively handle traffic originating from within the network while at the same time protecting those resources deemed necessary by the business. One solution to this problem is user personalized networks (UPN), which handle authentication and authorization at the user’s point of entry into the network.
This approach can go a long way in securing the system from internal attacks by allowing for authentication at the point where a user or device connects to the network.
Kelly Kanallekis, director of technology for Enterasys Networks in Mississauga, Ont., said the concept of UPNs is that, “in an organization there are a bunch of different systems that do different things. When a user logs onto the system, the system recognizes them and gives the user personalized settings. UPN brings that function to the network.”
The system knows which parts of the network a particular user can access, and after authenticating and authorizing the user, it can tap into that “intelligence” and give access to users from any device.
“There is one central place that understands the system and how each person can access it. UPN taps into that place using the 802.1x standard (which defines port-based network access controls), which allows a computer to authenticate to the network,” Kanallekis said.
A UPN also limits what traffic can get into the network by creating an intelligent perimeter, which can adapt to the needs and security requirements of the user.
Enterasys created a UPN based on the idea of directory-enabled networking, an idea Kanallekis said never seemed to pan out. But when one Enterasys director went for lunch with a colleague from Microsoft, the idea came back to the forefront.
UPN is a solution that allows for access to the network for the services that are needed – and only for those services – by limiting the type of traffic dependent upon user authentication.
If a user is not recognized by the network, Enterasys’ UPN simply will not allow for sign on. “The network will throw away the traffic an unauthorized user tried to generate,” Kanallekis said.
This type of network security is completely mobile, as it is based on authorization credentials that can be entered from any machine.
Brian Young, vice-president and CIO at Hobart & Williams Smith Colleges in Geneva, N.Y., said the UPN solution is ideal for the educator’s system as it allows for tools to be built on top of it, but also for students to access it from anywhere on any device.
“This is allowing staff and students to tunnel in securely from home,” Young said, adding that users do not have to be well-versed in networking to deploy these types of networks.
At the moment, the college is only deploying the network to its summer students and staff, but Young did not foresee any problem moving this system to fit the larger numbers of students who attend the schools during the regular school year.