The solution in a nutshell is a distributed packet filtering firewall in front of each host on the network. Why packet filtering? There are many higher-layer protocols that could be selected, but it comes down to a question of standards. All higher-level protocols run over the same packet protocols. By controlling the information flow at the packet level, the information flow for all of the subsequent protocols will be controlled, without the need to adopt a new network packet standard. The solution requires simple packet filtering, as opposed to a stateful inspection approach. The more complicated the packet inspection, the greater the impact on throughput. Authenticating the packetís true origin is much more effective than trying to understand the contents of the packet.
Every host on the network today communicates using a network packet standard protocol that can be utilized to perform centralized management. The current accepted and deployed standard makes centralized management a reality, eliminating the need to wait for a new standard to evolve.
The current situation is very similar to the dawn of the Internet. In the beginning, organizations had to be educated on what a firewall was, and why it was a good idea to protect assets from the Internet. Today, no one even considers connecting an organization to the Internet without a firewall. In ten years firewalls have gone from a concept for researchers to a practical requirement understood by the average Internet user. Similarly, the concept of a distributed firewall on every host is a new concept that has not caught on. Ten years from now, no one will consider connecting a computer to a network without a distributed firewall to protect it.
Infosecurity Europe is Europe's largest and most important information security event. Now in its 8th year, the show features Europe's most comprehensive FREE education programme, and over 200 exhibitors at the Grand Hall at Olympia from 29th April - 1st May 2003. www.infosec.co.uk