** the regular weekly edition of Security UPDATE won't **
** be mailed. Security UPDATE will resume July 11. **
This extra, monthly edition of Security UPDATE lets you know about
resources and events that can help you keep your security knowledge
and skills up to date and keep your Windows and other systems secure.
=== SECURITY Q&A ===============================================
by Randy Franklin Smith, rsmith@ultimatewindowssecurity.com
Q: Which is better for securing our intranet: 802.1x or IPsec? Our
company has several branch offices with varying degrees of physical
security and many publicly accessible areas that have network drops
connected to our corporate intranet. Like most companies, we have many
visitors, including clients, contractors, consultants, and other
business partners. We're interested in preventing rogue or insecure
computers infected with malware from connecting to our intranet.
A: 802.1x and IPsec are complementary technologies that require
computers to prove they are trusted. 802.1x is a hardware-based
solution that limits access to the network, whereas IPsec is a host-
level protocol that secures packets. IPsec requires that sending and
receiving devices share a public key. 802.1x has specific hardware
requirements that apply to edge switches (i.e., switches connected to
your network receptacles, also known as "drops," that must support
802.1x). When a computer connects to a port on a switch, the 802.1x
switch requires the computer to authenticate before the switch opens
the port to the network. 802.1x doesn't re-authenticate until the
computer is physically disconnected from the port and reconnected,
which triggers 802.1x authentication again. 802.1x requires a Remote
Authentication Dial-In User Service (RADIUS) server (two for fault
tolerance), against which the edge switches authenticate computers that
are connected to controlled ports on the switch. IPsec authenticates,
checks the integrity of, and optionally encrypts packets. Although
802.1x protects initial access to the network itself, IPsec protects
individual computers on the network. IPsec is the more popular choice
for securing intranets because 802.1x is more vulnerable to an attacker
and IPsec is more flexible.
(This Security Q&A originally appeared in Security Pro VIP's
Access Denied column.)
=== SECURITY RESOURCES =========================================
The following security-related resources are brought to you by Windows
IT Pro. For additional resources and information, visit
http://list.windowsitpro.com/t?ctl=5C58D:4160B336D0B60CB14549DAD9BCBD300E
Join Paul Thurrott for a deep dive into administering Windows Vista's
new security features with an emphasis on the new Group Policy settings
that are exposed by this release including USB device blocking and the
new Microsoft Desktop Optimization Pack. On-Demand Web Seminar
http://list.windowsitpro.com/t?ctl=5C585:4160B336D0B60CB14549DAD9BCBD300E
Learn the best ways to manage your email security (and fight spam)
using a variety of solutions and tips.
http://list.windowsitpro.com/t?ctl=5C587:4160B336D0B60CB14549DAD9BCBD300E
Combat phishing and pharming with complete protection against complex
Internet threats by filtering at multiple points on the gateway,
network, and endpoints.
http://list.windowsitpro.com/t?ctl=5C586:4160B336D0B60CB14549DAD9BCBD300E
================================================================
Security UDPATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).
http://list.windowsitpro.com/t?ctl=5C58A:4160B336D0B60CB14549DAD9BCBD300E
http://list.windowsitpro.com/t?ctl=5C58C:4160B336D0B60CB14549DAD9BCBD300E
Subscribe to Security UPDATE at
http://list.windowsitpro.com/t?ctl=5C589:4160B336D0B60CB14549DAD9BCBD300E
Unsubscribe by clicking
http://list.windowsitpro.com/u?id=4160B336D0B60CB14549DAD9BCBD300E
Be sure to add Security_UPDATE@list.windowsitpro.com
to your antispam software's list of allowed senders.
To contact us:
About Security UPDATE content -- letters@windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=5C58B:4160B336D0B60CB14549DAD9BCBD300E
About your product news -- products@windowsitpro.com
About your subscription -- windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE -- salesopps@windowsitpro.com
View the Windows IT Pro privacy policy at
http://list.windowsitpro.com/t?ctl=5C588:4160B336D0B60CB14549DAD9BCBD300E
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2007, Penton Media, Inc. All rights reserved.
No comments:
Post a Comment