1. Field of the Invention
The present invention is directed to computer networks, and more particularly, to a system and method for security access to network elements.
2. Related Art
Network resources and information are a principal asset of modern companies and must be protected against unauthorized access for usage, disclosure, modification and destruction. Since these resources and information reside in various network elements such as switches, signaling transfer points (STPs), mainframe computers, database servers, etc., access to the network elements must be adequately controlled based on a security policy that accurately reflects business practice. The security mechanisms or measures that are implemented based on the security policy not only have to guard against threats from external attacks, but also have to control internal access to the network elements based on the principle of "need-to-know."
Network resources include hardware, software and data that are crucial to the continuation and success of businesses in the highly dynamic and competitive marketplace. Therefore, these resources and information must be properly and adequately protected against unauthorized usage, disclosure, modification and destruction.
Most of the current networks that connect users and network elements do not have the necessary security mechanisms to provide adequate protection to the network elements. Most of the protection measures currently available in large networks are offered by the individual network elements and, therefore, are neither effective nor sufficient for the entire networking environment. They are not effective because security controls based on local network elements cannot provide the level of protection that is required for the entire network as a single entity. They are not sufficient because security measures that are based on individual network elements are limited to those elements and cannot be easily extended to control user access that is beyond the scope of control of the network elements. It is also very difficult to administer and manage the individual pieces of the network effectively, due to the existence of different types of network elements in the network and the lack of a universal standard that guides the manufacturing of hardware and the implementation of software. This problem becomes more severe as the network grows larger.