The Lippis Report Issue 43: Trusted LANs Emerge
Local Area Network (LAN) changes have ebbed and flowed on a nearly consistent five-year cycle. In 1990 the worldwide $100M-plus 10 Mb/s shared Ethernet market was emerging as the LAN standard. Only five years later, the introduction of 100 Mb/s Fast Ethernet and of Ethernet switching usurped 10 Mb/s shared Ethernet. Between 1995 and 2000 two very important introductions were made to switched LANs: virtual local area networks (VLANs) and 1 Gb/s Ethernet. With every new generation of LANs, the market has grown by billions of dollars. The transition from shared to switched LANs was explosive, growing a $5.2B market in 1995 to over $14B in 2000. Part of this nearly threefold market expansion was due to the transition from switched LANs to VLANs. The period between 2000 and 2003 showed flat to negative growth, due mostly to the global economic slump, but the LAN market is about to make another fundamental transition, from VLANs to "Trusted LANs", which will grow this market again by billions of dollars. The key value proposition of Trusted LANs is the provisioning of secure internal networks, or LANs, at high speed, independent of whether the transport is wireless or wired. In short, Trusted LANs will be the new organizing principle for LANs.
Nearly all vendors are involved in the development of this new Trusted LAN market. Companies such as Cisco and its partners (including IBM, Network Associates, Symantec, Trend Micro, Microsoft, Computer Associates, etc.) are taking the lead in spearheading Trusted LANs. Cisco, with its acquisition of the PIX firewall, drove revenue from nearly zero to hundreds of millions in just a few years and is now a network security powerhouse. The major switched Ethernet vendors such as Enterasys (the Cabletron spin-off), Extreme, Foundry, 3Com, Force10 and HP are all working on and investing in their Trusted LAN solutions. Enterasys has in fact focused its entire company and much of its R&D effort on secure networking, which makes it a leader in Trusted LANs. All WLAN players such as Aruba, Reefedge, Airmagnet, Legra, Bluesocket, Chantry, Colubris, etc. will be Trusted LAN providers as wireless LANs are increasingly folded into the Trusted LAN framework.
Network security will indeed drive the growth of Trusted LANs, and it is where most of their value proposition resides. But just as VLANs are a feature of switched LANs, Trusted LANs will be integral to 1 and 10 Gb/s Ethernet, WLANs, IP telephony, IP communications, data center networking, networked storage, etc. At present, network security services are the cornerstone of Trusted LANs. But network security has been focused on perimeter defense for the past ten-plus years. This perimeter-focused approach has resulted in a hard shell around the enterprise but a soft core within the company, and that is where vulnerabilities are highest. We all know the stories: an employee plugs a laptop into the enterprise network only to spew a virus or worm that infected the laptop the night before while the employee worked at home. If it's not an employee, it's a consultant or a guest. This little accident has the potential to shut down buildings and send operational staff running for days to contain and disinfect corporate systems. There is a multitude of ways to infect a LAN, but until now our industry has not provided protection against, or resistance to, these internal vulnerabilities.
In order to protect LANs without driving up operational cost, security services will have to be integrated into the network fabric. What this means is that firewalling, intrusion detection, intrusion prevention, network behavior anomaly detection (NBAD), virus and worm scanning, VPNs, etc. will increasingly be distributed into modules, boards, ASICs and the internal software of switches, access points, routers, end points and servers. As this integration and distribution of security functions occurs, their management becomes simplified, with a single interface to manage LAN and security services. In short, there is no need to have two groups, one managing switches, access points and routers and one managing security devices and their enormous output of alarms and alerts. This reduction in the number of management interfaces reduces the staff cost necessary to operate Trusted LANs. Not only does management become simpler in Trusted LANs, but, most importantly, network security services can be put to more effective use, delivering a tighter and more secure LAN environment. Trusted LANs will link unified directory services and employee profiles with network and device profiles, AAA databases and host-based virus scanning, so that when anyone plugs a laptop, PDA or IP phone into the LAN they will be authenticated, scanned for viruses or worms if needed, their profile consulted, and access provided only to those resources available to them. The linking of these systems is called the backend of Trusted LANs. The backend security architecture goes a long way toward closing internal network vulnerabilities. Clearly there is a lot of effort required to make the backend of Trusted LANs work, but to close the largest vulnerability in corporate networking, these systems need to be architected and linked into a Trusted LAN framework. Companies such as IBM, CA, Avaya et al. will offer professional services to build and maintain the backend of Trusted LANs.
With a robust Trusted LAN backend in place, IT staff can segment their organizations into Trusted LAN "secure domains". A secure domain is a space that segments users, systems, applications, locations, end points, etc. into combinations that fit the business requirements of the enterprise. For example, some employees may be working on a federal contract that restricts access to data, messages, information, applications, etc. to those with a need to know. A secure domain can be wrapped around those employees and systems, firewalling them off from all other corporate IT resources. Financial performance information can be placed into a secure domain that includes only the executive, financial and accounting staff. The development of a new product can be placed into a secure domain that consists of only the engineering and marketing teams. Secure domains will crisscross Trusted LANs; some may overlap while others will be mutually exclusive. Secure domains can be porous as well, allowing global access to printers, for example, or to other shared resources. In short, IT resources will be organized into secure domains, while a Trusted LAN will be an organization of secure domains.
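To make the two preceding ideas concrete, the admission flow of the Trusted LAN backend (authenticate, check posture, consult profile, grant access) and the secure-domain model (overlapping and porous domains) can be expressed as a small policy engine. The following Python is an added example written for this newsletter, not code from any vendor named above; the directory records, domain definitions, resource names and the "quarantine to a remediation role on a failed posture check" decision are all constructed assumptions for illustration.

```python
"""Toy Trusted LAN admission and secure-domain policy engine (added example).

An endpoint plugging into the LAN is (1) authenticated against a directory /
AAA record, (2) posture-checked (anti-virus state), (3) mapped through its
profile (group memberships) onto the secure domains it belongs to, and
(4) granted only the resources those domains expose. Everything below is
constructed sample data, not a real deployment.
"""
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class SecureDomain:
    name: str
    members: frozenset        # directory groups that belong to the domain
    resources: frozenset      # resources reachable only from inside the domain
    porous: frozenset = frozenset()  # resources the domain shares LAN-wide (e.g. printers)


# Constructed directory / AAA records: user -> credential stand-in and profile groups.
DIRECTORY = {
    "alice": {"secret": "alice-pw", "groups": frozenset({"engineering", "fedcontract"})},
    "bob":   {"secret": "bob-pw",   "groups": frozenset({"finance", "executive"})},
    "carol": {"secret": "carol-pw", "groups": frozenset({"marketing"})},
}

# Constructed secure domains mirroring the three examples in the text.
DOMAINS = (
    SecureDomain("fed-contract", frozenset({"fedcontract"}),
                 frozenset({"fed-fileserver"})),
    SecureDomain("financials", frozenset({"executive", "finance", "accounting"}),
                 frozenset({"erp", "fin-reports"})),
    SecureDomain("new-product", frozenset({"engineering", "marketing"}),
                 frozenset({"scm", "design-wiki"}),
                 porous=frozenset({"floor-printer"})),   # printer shared LAN-wide
)

# Assumed remediation-only resource for endpoints that fail the posture check.
REMEDIATION_RESOURCES = frozenset({"av-update-server"})


@dataclass
class Endpoint:
    user: str
    credential: str
    av_signatures_current: bool   # host-based AV signatures up to date?
    last_scan_clean: bool         # most recent host scan found nothing?


def authenticate(ep: Endpoint) -> bool:
    """AAA step: look the user up and compare the credential in constant time."""
    rec = DIRECTORY.get(ep.user)
    if rec is None:
        return False
    return hmac.compare_digest(rec["secret"].encode(), ep.credential.encode())


def posture_ok(ep: Endpoint) -> bool:
    """Posture step: the host scan the text describes, reduced to two flags."""
    return ep.av_signatures_current and ep.last_scan_clean


def admit(ep: Endpoint):
    """Return (decision, domains joined, resources allowed) for one endpoint.

    Default is deny: a resource not exposed by some secure domain the user is
    in, and not shared porously by any domain, is never granted.
    """
    if not authenticate(ep):
        return ("deny", (), frozenset())
    if not posture_ok(ep):
        # Constructed behaviour: isolate until the host is scanned/updated.
        return ("quarantine", ("remediation",), REMEDIATION_RESOURCES)

    groups = DIRECTORY[ep.user]["groups"]
    joined = []
    allowed = set()
    for dom in DOMAINS:
        if groups & dom.members:          # profile places the user inside this domain
            joined.append(dom.name)
            allowed |= dom.resources | dom.porous
        else:                             # outside the domain: only its porous resources
            allowed |= dom.porous
    return ("permit", tuple(joined), frozenset(allowed))


if __name__ == "__main__":
    for ep in (Endpoint("alice", "alice-pw", True, True),
               Endpoint("bob", "bob-pw", True, True),
               Endpoint("carol", "carol-pw", False, True),
               Endpoint("alice", "guess", True, True)):
        print(ep.user, admit(ep))
```

Note how the model reproduces the properties the text attributes to secure domains: alice sits in two overlapping domains at once, bob's financials domain is mutually exclusive from the federal-contract fileserver, and the floor printer is reachable from every permitted endpoint because the new-product domain exposes it porously. Swapping the toy `DIRECTORY` and posture flags for real AAA and host-scan lookups is where the "backend" effort described above goes.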
There is a lot to cover here and we will be exploring various important aspects of Trusted LANs over the next year including backend architecture, design approaches and secure domain guidelines.
