Enterprise security testing: What are you missing?

By Aswath Mohan, director of marketing, Spirent Communications, Network World |  Security, network security

BYOD testing begins with the ability to emulate each device type that will connect with the network. As noted, there are numerous variations within basic protocols. Moreover, the same application may be implemented in different ways on PC and mobile platforms. In such situations, it's essential to test these differences. A testing tool with capture/replay capabilities can help here.

Beyond the application and protocol differences, there's also the question of device security. Prior to BYOD, enterprises controlled tightly regimented fleets of PCs and servers, with common versions of operating systems, applications and antivirus software.

That level of control goes away in the wild and wooly world of BYOD, where devices run many different applications and operating systems (and possibly viruses and worms). The unknown and untrusted nature of BYOD makes security testing essential.

The published vulnerability tests discussed earlier are one way of determining device security. Another way is to test what resources devices can reach. Many enterprises use posture assessment system as part of their network access control (NAC) infrastructure. These systems are intended to check whether BYOD and other devices have the right versions of software, run the right level of antivirus patches, use the right Windows registry settings and so on. A good security test tool can assess the effectiveness of the NAC infrastructure by deliberately emulating "safe" and "unsafe" devices for remediation. [Also see: "Will BYOD revive the network-access control idea? Gartner thinks it will"]

With all the new applications and device types on enterprise networks, security testing is more important than ever. It's time for enterprises to take ownership of security posture assessment -- and find the risks before the attackers do.

Spirent Communications is a global leader in test & measurement offering an extensive portfolio of solutions to test data centers, cloud computing environments, high speed Ethernet networks and services, 3G/4G wireless networks and devices, network security, and global navigation satellite systems. www.spirent.com

Read more about wide area network in Network World's Wide Area Network section.


Originally published on Network World |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question