Peer-Based Security Aims To Protect LANs From Insiders

One of the biggest security threats facing IT managers and LAN administrators is increasingly the threat from inside. One such threat: unsuspecting users whose laptop from home carries a virus that can infect an entire network.

One defense is peer-based security -- rather than the timeworn approach of firewalls, antivirus software, and patches, all defending against Internet incursions. Peer-based LAN security, says Steve Ocepek of the Wholepoint Corp., is beginning to get traction as a few companies are readying the technology for market.

"The problem with LANs is that there is no one spot where a virus can come in," said Ocepek, who is Wholepoint's chief technical officer, in an interview. "With peer based technology you can embrace the topography of the LAN and use it."

Ocepek, who will describe how peer-based security is beginning to take its place in corporate networks at this week's 2nd Annual Information Technology Security Conference, cited a Ernst & Young Security Survey that states "over 75 percent of attacks originate from within organizations."

Most network security today is organized around the IEEE's 802.1x security solution, which, says Ocepek, does a fine job of securing in-line devices, but often fails when a new device is introduced on a network. "Typically someone brings in a laptop from home," says Ocepek. "And the IT manager hasn't checked it out. Access points are another problem."Without security on the inside, what keeps employees from harvesting passwords, putting up unauthorized wireless access points, or anyone else with physical access to the building plugging anything into your network?"

Peer-based LAN security products, Ocepek notes, are just hitting the market now and they all work similarly. Wholepoint has a product called LANlord, Cisco Systems has its Self-Defending Network Initiative, and Mirage Networks has a peer-based product. Noting the phenomenon, Bob Gleichauf, CTO of Cisco VPN/Security, has said the Self-Defending Network Initiative's key innovation is that "it recognized that networks and end-point client devices need to communicate with each other about security issues."

Ocepek says the peer-based approaches work essentially the same -- they disable devices that are acting improperly. LANlord blocks a device that is behaving improperly by rendering it useless. "Technically, it manipulates the other devices on the LAN not to talk back to the (bad) device," he said.