After Sep. 11, 2001, security is a greater concern for all of us. This includes cyber terrorism. The protection of information assets is a concern to private businesses, public organizations, and individual households. Nearly every day we hear or read about hackers and computer viruses with weird names like the W.32 Donut virus, the Code Red virus, and the “I love you” virus. The tentacles of cyberspace reach into our homes and offices, leaving us vulnerable to intruders and exposing weaknesses.
In today's interconnected world, an enterprise's private network is often not as private as it once was. Business-to-business relationships and employee connectivity often require connections to an enterprise's intranet through uncontrolled networks. How can a security administrator be confident that these communication lines are not used for unauthorized access to company resources? Often there are many points of access to an enterprise's private network. Employees work from home or on the road. Customers need access to data. Vendors access data or update systems. Each one of these points of access is a potential security hole that unauthorized users can exploit. There is a need to increase control over these access points and minimize the risks involved.
A major risk facing most enterprises is the lack of consistent configuration, deployment, and usage across the enterprise. This problem is compounded by the difficulty of determining the faults and non-compliance of specific users. Suppose an enterprise sends a memo to all its users telling them that they need to install a patch to avoid a known risk. The problem is that some people will never receive or read the memo, and others will try to install the patch but then not configure it properly. There is no way to ensure the patch is installed. There is a need for a way to uniformly enforce security requirements.