Integrated Physical-Network Security

Many network security problems today could be prevented by integrating network security with the physical security that protects buildings. These problems include:

  • Users leaving classified or sensitive documents open on their screen during lunchtime.
  • A hacker, sitting outside an office building, logging into the corporate network by way of the WiFi network.
  • A hacker stealing a user’s credentials and logging into their PC after the user has left the building or gone to a meeting.

Yet all too often, tying the building’s security system and the network security system together has been a complex integration challenge. With IF-MAP, that integration is achievable today. The solution described here uses the Hirsch Velocity Security Management System, a Cisco switch, an Infoblox MAP server and a Juniper IC 4000 UAC appliance.

When a user (say Mary) enters the building or a particular zone, she swipes a card through the Hirsch security sensor, and the Hirsch system publishes Mary’s location (Zone 1, headquarters, etc.) to the Infoblox MAP server. The flow then proceeds as follows:

  1. Mary attempts to log into the network. The Cisco switch sends her credentials to the Juniper IC4000 UAC appliance for authentication.
  2. The IC4000 authenticates Mary, publishes an update to the MAP server, subscribes to any changes to her session, and instructs the firewall to open the necessary ports for Mary.
  3. The Cisco switch allows Mary to access the classified network through the Juniper firewall.
  4. Should Mary leave the premises, the Hirsch sensors post an update of her location to the MAP database, which changes her session’s metadata on the MAP server.
  5. The IC4000 UAC appliance receives the MAP update and then instructs the firewall to close the port and disconnect the user from the classified network.

Similar approaches can address other security problems. To prevent attackers from using the WiFi network from outside the building, IT can compare the credentials of users attempting to log into the WiFi network against the list of people who have badged into the building; a user who is not located inside the building is refused network access. The same holds true for an internal hijacking of an account: if a user has exited the building while a session is still active, IT can automatically terminate that session. This protects companies against laptop theft (user still inside, laptop gone) and unauthorized access (user has left the building, laptop still inside but being used by someone else).
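The following is an added example, not code from the article or from any of the vendors it names, that models the numbered flow above and the two extensions in the last paragraph (refusing a login when the badge system shows the user outside, and tearing down an active session when the user badges out) as an in-process publish/subscribe simulation. The `MapServer`, `PhysicalAccessSystem`, `Firewall` and `AccessController` classes are hypothetical stand-ins for the Infoblox MAP server, the Hirsch badge system, the Juniper firewall and the IC4000 UAC; the real IF-MAP protocol carries these operations as XML over HTTPS, and the credential store here is a constructed toy.

```python
"""Toy model of the IF-MAP location/session correlation described above.

Constructed simulation: method calls replace the real publish/search/subscribe
exchanges, and no vendor API is used.
"""
from collections import defaultdict

OUTSIDE = "outside"             # location value meaning "not on the premises"
CLASSIFIED_PORTS = {443, 22}    # constructed example of ports the firewall opens


class MapServer:
    """Minimal MAP server: per-identity metadata plus per-identity subscribers."""

    def __init__(self):
        self.metadata = defaultdict(dict)
        self.subscribers = defaultdict(list)

    def publish(self, identity, key, value):
        """Store metadata and notify every subscriber of that identity."""
        self.metadata[identity][key] = value
        for callback in self.subscribers[identity]:
            callback(identity, dict(self.metadata[identity]))

    def subscribe(self, identity, callback):
        self.subscribers[identity].append(callback)

    def search(self, identity):
        return dict(self.metadata[identity])


class PhysicalAccessSystem:
    """Stands in for the badge readers: publishes the user's zone on each swipe."""

    def __init__(self, map_server):
        self.map = map_server

    def badge_in(self, user, zone):
        self.map.publish(user, "location", zone)

    def badge_out(self, user):
        self.map.publish(user, "location", OUTSIDE)


class Firewall:
    """Stands in for the firewall: tracks which users have ports open."""

    def __init__(self):
        self.open_ports = {}

    def open_for(self, user, ports):
        self.open_ports[user] = set(ports)

    def close_for(self, user):
        self.open_ports.pop(user, None)

    def is_open(self, user):
        return user in self.open_ports


class AccessController:
    """Stands in for the UAC appliance: authenticates, publishes the session,
    subscribes to location changes and drives the firewall."""

    def __init__(self, map_server, firewall, credentials):
        self.map = map_server
        self.firewall = firewall
        self.credentials = credentials   # constructed toy store; real deployments use RADIUS/LDAP
        self.sessions = {}
        self.subscribed = set()

    def login(self, user, password, network):
        if self.credentials.get(user) != password:
            return False, "bad credentials"
        # Extension 1: refuse a login from someone the badge system has not seen inside.
        if self.map.search(user).get("location", OUTSIDE) == OUTSIDE:
            return False, "user not inside building"
        self.sessions[user] = {"network": network, "active": True}
        self.map.publish(user, "session", network)
        self.firewall.open_for(user, CLASSIFIED_PORTS)
        if user not in self.subscribed:          # subscribe once per identity
            self.map.subscribe(user, self.on_map_update)
            self.subscribed.add(user)
        return True, "session opened"

    def on_map_update(self, user, metadata):
        """Extension 2 / steps 4-5: the user badged out while a session is active."""
        session = self.sessions.get(user)
        if session and session["active"] and metadata.get("location") == OUTSIDE:
            self.firewall.close_for(user)
            session["active"] = False
            session["reason"] = "user left building"


def run_scenario():
    """Walk Mary through the flow and return the observable outcomes."""
    map_server, firewall = MapServer(), Firewall()
    badges = PhysicalAccessSystem(map_server)
    controller = AccessController(map_server, firewall, {"mary": "s3cret"})  # constructed
    results = {}
    results["login_from_outside"] = controller.login("mary", "s3cret", "classified")
    badges.badge_in("mary", "zone-1")
    results["bad_password"] = controller.login("mary", "wrong", "classified")
    results["login_inside"] = controller.login("mary", "s3cret", "classified")
    results["ports_open"] = firewall.is_open("mary")
    badges.badge_out("mary")                     # Mary leaves; MAP metadata changes
    results["ports_after_exit"] = firewall.is_open("mary")
    results["session_active_after_exit"] = controller.sessions["mary"]["active"]
    return results


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The order of checks in `login` matters: the location lookup runs after the password check so that a wrong password and an absent badge produce distinct reasons, and the subscription is registered before the user can leave, so the badge-out event is what closes the ports rather than any polling loop.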