One way to solve all three of these problems is to control the data packets going in and out of each host. If each host only looks at the packets bound for it, the password sniffing problem is solved. If users are only allowed to access the hosts they need to do their job, they are limited to only the data with which they are trusted. As result, as much as possible, insider threat protection is gained. Finally, if each packet is checked going in and out of a host, the wireless hub would never see sensitive packets, and outsider packets entering via the wireless hub would be read only by the intended host.
Of course, the solution creates its own problems. If the software controlling the hostís access to the network can be modified from the host, then all thatís been accomplished is to create a little bit more work for the hacker. The hacker simply disables the security software and then proceeds normally. If the policy can be changed on the host it is protecting, the policy is basically useless. Another problem with controlling every hostís access to the network is the management of multiple security policies. Setting up policy on an individual host-by-host basis is an insurmountable task. A better solution is a centrally managed policy approach that scales for large organizations and cannot be tampered with by the individual hosts.
The solution in a nutshell is a distributed packet filtering firewall in front of each host on the network. Why packet filtering? There are many higher-layer protocols that could be selected, but it comes down to a question of standards. All higher-level protocols run over the same packet protocols. By controlling the information flow at the packet level, the information flow for all of the subsequent protocols will be controlled, without the need to adopt a new network packet standard. The solution requires simple packet filtering, as opposed to a stateful inspection approach. The more complicated the packet inspection, the greater the impact on throughput. Authenticating the packetís true origin is much more effective than trying to understand the contents of the packet.
Every host on the network today communicates using a network packet standard protocol that can be utilized to perform centralized management. The current accepted and deployed standard makes centralized management a reality, eliminating the need to wait for a new standard to evolve.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.