IT network assurance

IT network assurance quantifies risk from an IT network perspective, based on analysis of network facts. [1] Examples include identifying configuration errors in network equipment that may result in loss of connectivity between devices, degraded performance or network outages. The network facts analyzed include not only network configuration files but also current network state, network traffic analysis, error logs and performance data. [2]

Network assurance is closely related to service assurance, which is primarily concerned with service providers and telecommunication networks ensuring that the proper level and quality of network service is delivered to customers; IT network assurance is generally aimed at corporate networks and enterprise IT departments. [3] Network assurance involves the engineering process of formal verification, which specifically contrasts with design testing: verification of a network design compares the policy requirements of the network with the actual implementation under all conditions, rather than running specific test scenarios under a finite number of conditions. [4]

A complement to IT application-level and data-level security solutions, and a subset of network management, network assurance measures the impact of network change on security, availability and compliance. It helps companies keep policies and defences correctly implemented during periods of rapid network change, prioritize remediation efforts, and validate network policies and controls. [5] [2] [6] Colleges now offer classes specifically for this network management sub-domain under IT forensics. [7] The capabilities of a network assurance solution also overlap closely with the technology category of intent-based networking, which likewise compares network intent and required policies with actual network designs and configurations to provide assurance of network functions. [2] [8] [9]

Vendors

IP Fabric introduced a software platform in 2017 that seeks to improve the reliability and security of enterprise networks through continuous network assurance. Cisco introduced a network assurance solution in January 2018 called Network Assurance Engine. [9] Veriflow Systems is another vendor that claims to provide network assurance capabilities in its platform through continuous network verification. [10] All three systems rely on a mathematical model of the network, rather than monitoring of live network traffic, to analyze and verify its behavior against network intent and desired policies. [11] [9]

References

  1. "Network Assurance Solidifies Data Security: Fully Understanding the Network is Critical to Validating the Security of Your Data". Wall Street Technology Association. 2007. Archived 2008-07-04 at the Wayback Machine.
  2. "The Case for Network Assurance" (PDF). IDC. Feb 2013. Retrieved 2015-05-02.
  3. "What is service assurance (SA)?". TechTarget. Archived from the original on 13 February 2018. Retrieved 12 February 2018.
  4. Heller, Brandon (27 April 2017). "Seeking truth in networking: from testing to verification". Forward Networks. Retrieved 12 February 2018.
  5. Molinari, Dario (2014-04-23). "Why network assurance is still relevant". IBM. Retrieved 2015-05-02.
  6. "Communications Network Assurance Services". Infosys. Retrieved 2015-05-02.
  7. "Security & Network Assurance". Palm Beach State College. Archived from the original on 2015-06-30. Retrieved 2015-05-02.
  8. Lerner, Andrew (7 February 2017). "Intent-based networking". Gartner. Retrieved 12 February 2018.
  9. Kerravala, Zeus (31 January 2018). "Cisco brings intent based networks to the data center". NetworkWorld. Retrieved 12 February 2018.
  10. "Veriflow Systems". Bloomberg. Retrieved 12 February 2018.
  11. "Getting Grounded in Intent-based Networking" (PDF). NetworkWorld. Retrieved 12 February 2018.