With network operators, corporations and world governments coping with appalling data breaches, "network security" might reasonably be considered one of those phrases where the constituent words cancel each other out, as in, for example, "jumbo shrimp" or "military intelligence." If network security is going to be anything less than the joke it's becoming, it's important that as many people as possible involved in network operations be well versed in the latest tools and techniques.
Cisco Systems Inc. (Nasdaq: CSCO) believes there will be a big business in providing those tools and techniques. In the last few years, the company has dropped billions of dollars on a set of companies associated with network security, most recently including ThreatGrid, Lancope and OpenDNS. Last year Cisco picked up Portcullis Security Solutions and Neohapsis, and the year before that SourceFire and Cognitive Security. That's a partial list.
At the Barclays Global Technology Brokers Conference earlier this week, Hilton Romanski, Cisco SVP and chief strategy officer, said, "I think in this hyperconnected world, it's going to continue to be a major area where we and other vendors need to focus relentlessly to be able to deliver value and safety for our customers and our partners ... The nature of threats at enterprises and customers, irrespective of market segment, continues to rise."
The new network security course that the company is offering, called Cisco CCNA Security 210-260 IINS, is thus just one element of Cisco's overall security thrust.
Cisco expert Keith Barker put together the course. Barker knows what every other network security expert does: a) network security is a moving target, b) no network can be secured unless security is a top priority, and c) security is not always a top priority.
Cisco can provide tools, but that doesn't mean corporations or government agencies will buy them, and if they do, that hardly guarantees they'll use what they bought, let alone use it correctly. Some of the most spectacular data breaches in recent years might have been stymied had network operators done nothing more than change default passwords.
That's one of the reasons why Barker believes it's especially important for IT pros to be familiar with security matters. If security isn't the responsibility of anyone in particular, it's the people who work in IT departments who will end up being responsible for it by default.
The course videos touch on a number of security-related subjects, including port security, secure switching, zone-based firewalls, cryptography and more.
"How every vendor works is that they care about their piece of the pie, and what they can do, and they market it as best they can. That leads to the skills that an IT professional should have, which includes understanding most of those technologies," Barker told Light Reading.
"The person who understands those pieces and the vulnerabilities that exist within each of those and between each of those -- that's the person who's going to be sought after to integrate solutions," he continued.
The revised security course will of course touch on virtualization, which definitely opens new security concerns, but also leads to new opportunities.
"The network has switches and routers and cables and connectors and there are certain things you can do in a physical environment to protect those resources, like port security, authentication for routing protocols, encryption for VPN services," Barker said.
"As we go to a virtualized infrastructure, if you're doing networking, we still have switches, we still have routing. Though there isn't a box you can point to … the concepts are the same. If the individuals who have the experience with brick-and-mortar physical devices were doing the virtualization, that would be great. But here's what I've discovered: the folks doing virtualization, most of them don't have a networking background, so as they put in virtual switches and virtual routing, if they don't have the exposure to the security measures of the physical world, they won't be aware of the security measures needed in the virtual world."
That said, in some instances virtualization can lead to security enhancements that otherwise simply wouldn't exist. "Instead of having a physical firewall, you can have a logical firewall policy on every port," Barker explained. "As that server gets moved, say, from Des Moines to Las Vegas, the policy can follow the virtual server. That's something in the physical world you just can't do."
CBT Nuggets subscriptions are available for individuals or teams, and can be paid monthly or yearly.
— Brian Santo, Senior Editor, Components, T&M, Light Reading