
Application Security and Application Networks

Would your organization benefit from application security and the Application Network?

Consider your answer to the following hypothetical question from a line of business or the CIO:

"Our business demands that we use [insert any application here]; can we allow our [remote or internal] users access to it?"

"No, those users aren't trusted." "No, traffic is not encrypted." "No, we can't extend a VPN because of security." "No, we don't want to put that database server in the DMZ." "No, we can't route the traffic because of NAT and private IP addresses." "No, we'd have to open non-standard ports and we can't do that." "No, that application is not webified." "No, our firewall can't handle dynamic port requests." "No, we don't allow any direct touch between networks." "No…"

If any of these answers sound familiar, then application security and the Application Network can help.

The Access and Security Trade-Off

Today, extending access to applications for the users who need them is no longer a "nice to have" but a key determinant of who will win and who will lose. Legacy applications and databases, for example, contain invaluable customer information and provide a great resource for partners and other trusted third parties; email and other messaging applications are indispensable for seemingly instantaneous communication; and 'emerging' applications, such as audio and video conferencing, are now the critical enablers of 'real-time business,' resulting in huge gains in both productivity and profitability. Facilitating the rollout and accessibility of these applications, IP networks - both private and public, wired and wireless - make access to applications possible for any user from any corner of the globe. Why, then, are CIOs constantly refereeing a tug-of-war between the lines of business that want to realize the value of their applications by extending them to the users who need them and the network administrators who want to insulate their network from attack by increasingly limiting access for untrusted third parties?

What is driving this zero-sum game, where any access gained by the business results in a corresponding decrease in network security? The answer lies in the use of network security to deploy applications. That is, network security, which by its design disrupts and limits connectivity between networks, is also used to enable connectivity. These products - while critical for protecting the physical network - were not intended to protect and extend applications, and consequently using them to deploy applications inevitably results in the access and security trade-off.

The solution, however, is not to increase the IT budget to buy more point solutions or deploy an army of network administrators to provide the highly oxymoronic 'brute force flexibility,' but to deploy a new conceptual network called the Application Network. The Application Network is a logical network that overlays the physical IP network and leverages its communications infrastructure while not undermining its physical security. The Application Network also underlies the applications that need the physical network for connectivity, providing robust and extensible application-layer security. When deployed, the Application Network allows enterprises to use the applications their businesses require and securely extend them to the users who need them - while taking advantage of, not compromising, the network security infrastructure.

A Little History

Thirty years have passed since the U.S. Defense Advanced Research Projects Agency (DARPA) initiated the project to determine a method of linking together many disparate packet networks to enable cross-network communication. According to history, the initiative was referred to as the Internetworking project and the resulting mesh of linked packet networks was called the Internet. The Internet at that time was an aggregation of packet networks funded and hosted by government and educational enterprises throughout the United States. Enabling this inter-communication was the development of the Internet Protocol (IP), which defined how data packets are routed across the various networks. Until the 1980s the Internet was a combination of public networks that allowed primarily academic and government users to communicate freely and openly. Applications utilizing the TCP/IP protocol suite could be extended to users with routable IP addresses, a requirement of the early Internet. Soon, however, and by design, the Internet and its obvious business benefits began to get the attention of commercial enterprises as well as foreign governments, and these organizations began to adhere to the IP protocol and connect their local networks to this public communications infrastructure. Now, users were diverse, unknown and not necessarily trusted, while the information accessible was no longer academic, but sensitive business and governmental intelligence. Network security was born.

The Purpose of Network Security

Necessity certainly bred invention with the advent of network security. At a very high level, organizations needed to protect their physical networks from this 'untrusted' Internet and were eager to find solutions that allowed them limited access to the public networks while insulating their networks from potential attack and information theft. Answering this demand, firewalls were developed to protect the physical network. Firewalls, often utilizing Network Address Translation (NAT) for non-routable addresses that are hidden from the outside, were designed to limit network access by breaking the two fundamental rules of IP routing: that all network nodes must know of other nodes, and that all addresses of devices must be known. From the outset, the purpose of basic network security was to protect the physical network from attack by limiting connectivity between the two networks.

Emergence of the Security and Access Trade Off

The unfortunate downside of physical security that limits connectivity for untrusted users is that it also limits connectivity for trusted users. To provide access for trusted users, network administrators were forced to start 'fixing' the networking rules broken by the physical security, as required by the users and the access they required. Opening holes in the perimeter security, however, to allow ingress and egress is exactly that: opening holes. Network administrators quickly realized that the amount of access granted to users was inversely proportional to the security of their network. A seemingly zero-sum game, this network security and application access trade-off is now a common dilemma within organizations large and small, domestic and international.
