Security services become part of the fabric
The second rule is that, whenever possible, new management products should be integrated with the existing transport and management products that are already in place. In this context, the term "integrated" generally means that the new product should be able to perform some subset of useful management functions on the existing boxes and should be able to share some subset of data with products already installed at Command Central.
Recent security announcements from Cisco illustrate that the vendor understands (and often benefits from) these two rules. New enhancements to IOS include intrusion-detection features acquired through last year's purchase of the Wheel Group. Fifty-nine attack signatures from the former Wheel Group's NetRanger ID system have been built into the IOS Firewall, which is supported on 1700, 2600, 3600 and 7200 class routers. Using this approach, the IOS Firewall can detect hacker attacks directly within the router itself.
This functionality appears to support both the first (i.e. utilize the management functionality that is embedded within the network) and second (ensure that the new management system can effectively integrate with what is already running at Command Central) cardinal rules.
However, one important thing to realize is that, much like the management system itself, security management is made up of a number of separate components. One size definitely does not fit all when data traffic encryption, authentication, access control, accounting and logging are taken into consideration. This clearly applies to vendors as well as products.
Therefore, while embedded firewall and attack detection support functionality within the network infrastructure makes a great deal of sense for many good reasons, by no means does it constitute the total security picture. Users are well advised to apply the same two cardinal rules to the complete systems and network security picture that they should apply to the network management system.
