Connections +
Feature

Network security and ITS

The network must now support many devices -- cameras, monitors, door controls, HVAC, card readers, retinal scanners, among others.


September 1, 2005  



I was talking to a work colleague based in Ottawa over the telephone last month when he suddenly interrupted me to say that he had just received an urgent e-mail message to shut his PC down immediately.

About 20 seconds later, I received the same message and after both of our PCs were rebooted, the same message popped up again.

We discovered later that day that every PC connected to Bell Canada’s corporate LAN was affected. A virus had infiltrated our network into our routers and switches — and we have a lot of them. I estimate that 10,000 people were affected by the attack on our network.

The network of an organization represents everything that a company knows about itself: its database, products, employees, customers, financial information — the list could go on and on.

The comprehensive nature of an organizational network and the information in it makes the devices that protect and secure it vitally important.

Companies and individuals have routinely added protection to their networks, especially in the last few years, but these precautions still cannot guard us from every attack. A case in point is the recent virus that affected Bell Canada.

But secure we must be, and we must attempt to close all the holes.

Two major categories

Security falls into two major categories, network and physical.

On the network security side, there are at least two basic threats. There are the troubles from outside an organization, arriving via the Internet in the form of hackers, spammers and denial-of-service attacks.

And then there are the inside jobs via an organization’s intranet, which can take the form of employee sabotage, employee error or industrial espionage.

These threats are more often than not controlled via software such as firewalls, honeypots, certifications, DMZs, and IP VPNs. The software can reside on dedicated firewall appliances, routers, PCs and servers.

Physical security includes actual devices that use the network as part of their function, for example, camera surveillance, environmental monitors, equipment to control or protect premises, and access control devices.

Physical security requirements typically start at the wall outlet or end device and extend into the pathways, conduits, air plenums and other spaces.

BICSI members and other information transport systems (ITS) professionals have traditionally been considered designers of infrastructure or support services.

Well, times have definitely changed with the addition of security requirements.

Designers must extend their knowledge beyond telephony and data into understanding network and physical security applications such as Internet access, firewalls, DMZ services, and access control devices to ensure that such applications are supported with appropriate standards-based design practices.

Certain physical considerations must be taken into account when network security is designed.

The network infrastructure must be designed to standards. Those standards must then be extended to serve the new requirements of security products that are becoming part of the network. The network must now support many devices in addition to the traditional voice and data — cameras, monitors, door controls, HVAC, card readers, retinal scanners, among others.

Courses and manuals

For the ultimate resource in organizational networks, you don’t have to look any farther than BICSI’s Network Design Reference Manual (NDRM), 5th edition. It is a single point of reference for all the major topics in networking today: LANs, remote access, internetworking, wired and wireless connectivity, Ethernet, storage, security, management, and applications.

Plus, the material is vendor-neutral and standards-based, important when dealing with a myriad of new and varied devices that are being IP-enabled and require connectivity in today’s network-centric world.

To provide the most current information, all BICSI manuals are updated regularly and the 6th edition of the NDRM is scheduled for release in January. Making its debut at the same time will be BICSI’s new Electronic Safety and Security Design Reference Manual, a must for anyone interested in network security issues.

BICSI also offers two instructor-led courses in data distribution design: DA100: Introduction to Networks and DA110: Designing Networks. Both courses have sections dealing with security.

For more information, contact BICSI, 800-242-7405 (toll free USA and Canada) or visit www.bicsi.org.

Roman Dabrowski, RCDD, is the Canadian Director of BICSI and a Director of Product Management with Bell Canada. He can be reached via e-mail at rdabrowski@bicsi.org.