Secure Access

“The proactive prevention of security breaches before they happen is a matter of controlling who has access to the network and the applications.”

Managed Security

The technology shift from legacy to IP-based telephony poses a significant management challenge for service providers:

  • Management and monitoring over different network types (IP, VPN, dial-up)
  • Management and monitoring of diverse equipment and applications
  • Increased application and network complexity
  • Increased security threats
  • Increasing cost of operation

Any time a computer-based system is exposed to a network, security issues arise, especially in environments where enterprises depend on service operators to help manage their applications and systems. When a service operator is given access to systems, the enterprise needs to ensure that it does not unnecessarily expose any systems to the service operator or, for that matter, to malicious hackers.

To deal with such issues, the connections to the exposed systems are typically filtered by firewalls and routed over encrypted connections or networks (e.g. Virtual Private Networks, VPN). Unfortunately, these two common measures often bring a false sense of security, since both techniques typically only extend the private network; they don't protect it from misuse or attacks from within.

The main security weaknesses in systems that are based on computers and networks can be summarized in three problem areas:

  • Operating systems are insecure
  • Network protocols are insecure
  • Applications and application protocols are insecure.

Hacking from the inside is usually done by finding a weak link in the internal network and breaching that system. The hacker might continue by obtaining the credentials needed to attack other, more secure systems on the network.

The following countermeasures are commonly taken in order to deal with the above security threats:

  • Well-configured firewalls to protect from the basic outside attacks.
  • Well-configured and patched client and server programs to achieve a reasonable level of application security.
  • Network partitioning to create small security domains that can be strictly controlled, so that a successful attack does not spread to all systems.
  • Isolation of the systems (logically or physically) from the network so that the operating systems, the network protocols, and the applications cannot be attacked.

The last countermeasure, isolation of the systems from the networks, seems to contradict the need for remote control via networks, and it does, at least in the case where the systems are physically moved away from the networks.

SCM is a combined solution that helps to logically isolate computer-based systems from the network and applies pre-defined methods to do the following:

  • protect application servers from unauthorized access,
  • encrypt network traffic,
  • authenticate users,
  • make authorization decisions,
  • log all user actions.