With the growth of the internet, both the amount of malicious activity and the size of the networking resources that a typical organization has to manage have grown and continue to grow. Changes in the size and nature of the internet environment have increased the size and complexity of network filtering policies and their implementation. These issues are compounded when different personnel, hardware brands, and physical locations come into play. The end result is a need for a new type of tool for managing network access control.

Cyber NAC Compliance Director provides an enterprise level solution for management of complex network traffic policies by multiple IT personnel. Policies are stored on a centralized system with user access control and secure web access for management. Network device configurations can be synchronized automatically or manually to reflect changes in policy.

Access-list policies must stay consistent even though some are overall policies that change infrequently while others are known-offender lists that are updated constantly. Organizations with multiple locations and multiple network gateways need a way to enforce compliance with their access policies on all of these devices at all of these locations.

Automation: Organizations managing multiple devices do not want to manually enter new rules or manually upload new versions of access lists to each router and firewall whenever there is a change to policy or a need to respond to a threat.

Compliance: Managers who are responsible for networking infrastructure need a way to verify that the policies that are developed for the network are actually being implemented correctly and applied as directed.

Portability: Access control list configuration shares essentially all of its concepts across vendors, yet has no standard syntax or format. The disparity between devices is not only a drain on manpower in organizations, but also a hindrance to adopting better solutions when they become available.

Tracking: Organizations also need a way to track what changes have been made to their access lists, both globally and on a per-device basis, for troubleshooting and for ensuring compliance with policy. When a policy-related problem occurs, anyone responsible for finding the solution needs the ability to see what has changed.
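As an added illustration of the compliance and tracking needs above (example code, not part of the product or this page), the following Python script parses Cisco IOS extended ACL lines into a vendor-neutral rule tuple and compares the centrally stored policy against what a device is actually running, reporting missing rules, rules added out of band, and ordering drift. The ACL syntax subset handled and the sample policy and device lines are constructed assumptions.

```python
import ipaddress

def _addr(tokens, i):
    """Consume one Cisco IOS address spec starting at tokens[i]:
    'any', 'host A.B.C.D', or 'A.B.C.D WILDCARD'. Returns (cidr, next_index)."""
    if tokens[i] == "any":
        return "0.0.0.0/0", i + 1
    if tokens[i] == "host":
        return str(ipaddress.IPv4Network(f"{tokens[i + 1]}/32")), i + 2
    # Cisco wildcard masks are hostmasks (0.0.0.255 -> /24); ipaddress accepts them.
    net = ipaddress.IPv4Network(f"{tokens[i]}/{tokens[i + 1]}", strict=False)
    return str(net), i + 2

def parse_cisco_acl(line):
    """Turn one numbered extended ACL entry into a vendor-neutral tuple:
    (action, protocol, src_cidr, dst_cidr, dst_port). Only 'eq' ports are handled."""
    tokens = line.split()
    if tokens[0] == "access-list":          # drop 'access-list <number>'
        tokens = tokens[2:]
    action, proto = tokens[0], tokens[1]
    src, i = _addr(tokens, 2)
    dst, i = _addr(tokens, i)
    port = tokens[i + 1] if i < len(tokens) and tokens[i] == "eq" else "any"
    return (action, proto, src, dst, port)

def compliance_report(policy_lines, device_lines):
    """Compare intended policy with a device's running ACL. Order matters for
    ACLs (first match wins), so ordering of the shared rules is checked too."""
    policy = [parse_cisco_acl(l) for l in policy_lines]
    device = [parse_cisco_acl(l) for l in device_lines]
    missing = [r for r in policy if r not in device]   # policy not enforced
    extra = [r for r in device if r not in policy]     # unapproved local change
    shared_policy_order = [r for r in policy if r in device]
    shared_device_order = [r for r in device if r in policy]
    return {"missing": missing, "extra": extra,
            "order_ok": shared_policy_order == shared_device_order}

# Constructed sample data: central policy versus what one gateway is running.
POLICY = [
    "access-list 101 permit tcp 10.0.0.0 0.0.0.255 host 192.0.2.10 eq 22",
    "access-list 101 deny ip host 198.51.100.7 any",
    "access-list 101 deny ip any any",
]
DEVICE = [
    "access-list 101 permit tcp 10.0.0.0 0.0.0.255 host 192.0.2.10 eq 22",
    "access-list 101 permit tcp any host 192.0.2.10 eq 3389",
    "access-list 101 deny ip any any",
]

if __name__ == "__main__":
    for key, value in compliance_report(POLICY, DEVICE).items():
        print(f"{key}: {value}")
```

On the sample data the report shows the known-offender deny rule missing from the device and an unapproved RDP permit present, which is exactly the drift a compliance check should surface.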


Resources

Links to Online Resources

These are frequently updated links to useful online resources related to access-list and network policy management.

The ACL Converter

This is a free online tool to convert access-lists and firewall filters between different formats, such as Cisco to Juniper or PIX to Cisco IOS.