While I agree they should, most do not due to management buy-in/budgeting/staffing levels. I have worked at a lot of companies and many do not have security down to the port. Something like the wireless captive portals should be default and should request a CAC card or key fob for every new connection to store a digital signature that associates a new network connection and checks it against a database to assure it's a current employee. I don't see this changing either because network equipment manufacturers prefer to push obtuse command line rather than easy to use integrated tools for network discovery, security, and access control. That's not going to change while vendors are more interested in network speed and reliability than security. I'd agree that it'd be a best practice but honestly it'd require huge changes in how we set up networks. It's definitely not the norm to secure these areas as well as they should and the tools we have to implement network access are not at all automated or easy. ![]() Many places had desks and offices inside network closest for desktop support even. ![]() But no where I've worked, hospitals, government, casinos, even Fortune 500 has had port security, PNAC, except for the occasional isolated secure network. I'd love it if this or better still IPSEC and digital signatures were the norm to access internal networks.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |