Security

Is your enterprise incorporating the appropriate steps to building the essential security framework?

• By Clara Parkes
• 08/01/2001

Just as explorers introduced disease to previously isolated populations, opening up corporate systems has added a slew of challenges. Although security policies were originally designed to keep unwanted intruders out, they now must also let the right people in, and do it as quickly and seamlessly as possible.

Internet Threats
The biggest threat, of course, is the Internet. U.S. companies currently spend just under half a percent of revenues securing networks and information. Over the next 10 years, Gartner Inc. predicts this number will rise to four percent. The driver is the Internet. Gartner says that by 2004, four out of five companies will use the Internet as a key part of their businesses. More telling, at least half of those companies will experience a financially significant loss as the result of security breaches through the Internet. There are three steps to building the essential security framework:

• Step 1: Firewall
• Step 2: Intrusion Detection and Monitoring
• Step 3: Virus Protection

Step 1: Pour the Firewall Foundation
Firewalls exist as appliances, software and integrated packages. They are one of the oldest security measures still in use. IBM’s SecureWay Firewall, for example, was developed by IBM research in 1985 and still protects the company’s own systems.

Firewalls serve as a barrier that permits only authorized traffic to pass back and forth. They do this by enforcing security policies, or predefined permissions, rules and roles. [See "Firewalls Fill the Gap" —Ed.]

Trends: Centralize
Many companies resist taking a full-blown policy-based approach to security. Instead, they write security policies for individual applications. Security policy updates are thus time-consuming and tedious.

Security vendors are introducing tools and services to help companies formulate and manage their security policies centrally. The value of such an approach includes reduced design and implementation costs, lower operating costs and decreased operating risks.

The Threat from Within A common misconception is that security breaches originate exclusively from outside the firewall. In fact, most network-enabled fraud comes from within the enterprise. The Computer Security Institute (CSI) reports that between 60 and 80 percent of network misuse comes from within the enterprises affected by the misuse. Insider attacks, however, are on the decline. According to the CSI, the number of companies experiencing insider attacks fell from 54 percent in 1996 to 31 percent in 2001. —C.P.

Step 2: Monitor for Intruders
Intrusion detection and monitoring systems alert network administrators to hacker, cracker and even Denial of Service (DoS) attempts. Many systems also provide the ability to document break-ins for future investigation.

Trends: Smarter Systems
Look for intrusion detection and monitoring systems that also provide preventative "vulnerability assessment" capabilities. These add-ons will scan systems to identify potential weak areas. Examples include Network Associates/PGP Security’s CyberCop Scanner for Windows NT/2000 and Intrusion.com’s Security Analyst.

Mid- to Large-Sized Firewall Vendors

Company URL Product Platform Served Cisco Systems Inc. www.cisco.com/warp/public/44/jump/secure.shtml Secure PIX Firewall Windows NT Computer Associates International Inc. www3.ca.com/Solutions ETrust Firewall Windows NT CyberGuard Corp. www.cyberguard.com/home/index.cfm FireSTAR appliance, Firewall software, KnightSTAR appliance, STARLord appliance Windows NT, UnixWare IBM Corp. www-4.ibm.com/software/security/firewall/ SecureWay Firewall Windows NT, AIX Network-1 Security Solutions Inc. www.network-1.com CyberwallPLUS suite NT/2000 Windows Network Associates/PGP Security www.pgp.com/products/gauntlet/default.asp Gauntlet 6.0 Firewall Solaris 8/SPARC or Ultra SPARC; HP-UX 11; Windows NT 4.0 Microsoft Corp. www.microsoft.com/isaserver/ Internet Security and Acceleration (ISA) Server 2000 Windows 2000 RapidStream Inc. www.rapidstream.com/products/index.html Network Security Appliances Windows 95, 98, NT, 2000; Solaris; Linux Sun Cobalt (previously Progressive Systems) http://www.sun.com/hardware/serverappliances Adaptive Firewall Any Java-compliant platform Symantec Corp. http://enterprisesecurity.symantec.com/ Enterprise Firewall; VelociRaptor Firewall Appliance Windows NT, 2000

Step 3: Inoculate Users
According to a survey by the Computer Security Institute, 94 percent of companies surveyed detected computer viruses in 2001. The importance of anti-virus software in any corporate security policy can’t be understated.

Although traditionally reserved for the home-user market, content filtering capabilities are being added to enterprise-level anti-virus tools as well. Content filtering tools help control content entering the network by scanning the subject and body of any e-mail.

Trends: Scare-Savvy
To prevent users from spreading messages about potentially false viruses, which can take up valuable network traffic and system space, you might consider implementing a hoax-prevention policy. This can be as simple as keeping an up-to-date list of virus hoaxes on your intranet where users can access it. An example of such a list is available at: www.sophos.com/virusinfo/hoaxes.

Intrusion Detection Vendors

Company URL Product Platform Served Cisco Systems Inc. www.cisco.com/ Cisco Secure Intrusion Detection System (IDS) formerly NetRanger Solaris, HP-UX, Windows NT Intrusion.com Inc. www.intrusion.com SecureNet Pro software Red Hat Linux 6.x NetIQ Corp. www.netiq.com/Products/Operations/Security_Manager/Default.asp Security Manager Windows NT, 2000 Symantec (Axent) http://enterprisesecurity.symantec.com/ Intruder Alert and NetProwler Intruder Alert: Windows NT, Unix (Solaris, HP-UX, AIX, Tru64, NCR, etc.) and Novell NetWAre; NetProwler: Windows NT

Ongoing Technical Concerns
Regardless of size, most companies are grappling with these common issues when it comes to implementing and updating their security policies:

Interoperability: The OPSEC protocol (from Checkpoint) aims to address this by providing interoperability among security products. Their interoperability with other corporate systems, however, remains a challenge.

Cost: As more studies quantify losses from security breaches, concern over initial security system costs will become less of an issue.

Anti-Virus Vendors

Company URL Product Platform Served Deerfield.com www.deerfield.com/products MailScan, GateMonitor Windows 95, 98, NT 4.0, 2000 Network Associates www.mcafeeb2b.com/products/desktop-protection.asp McAfee VirusScan Windows 95, 98 Me, 2000, NT 4.0; Unix Sophos www.sophos.com/products/antivirus/ Sophos Anti-Virus Desktop: Windows 95, 98, 2000, Me, 3.1x; Macintosh, OS/2; Server: Windows NT and 2000, Novell NetWare, OS/2, Unix, OpenVMS Symantec (Axent) http://enterprisesecurity.symantec.com/ Symantec AntiVrrus Solutions, Norton AntiVirus Both: Windows 95, 98, NT, 2000; NetWare