Global Network Assessment Shows Network Weaknesses

How’s your network? If you’re typical of the organizations surveyed for Dimension Data’s annual Network Barometer Report, there’s plenty of room for improvement.

The company aggregated data from 270 Technology Lifecycle Management (TLM) assessments conducted globally, reviewing an organization’s network readiness. It examined security vulnerabilities, the end-of-life status of network components, and any variances between how the network is actually configured versus best practices.

Take security vulnerabilities, for example. Overall, the percentage of networking devices with security vulnerabilities for companies of all sizes was a stunning 73 percent. Dig into the numbers more closely, Dimension Data found that half of the vulnerabilities could be attributed to a single problem: “PSIRT 109444 was found to be responsible for the jump, and was found in 66 percent of all devices analyzed during 2010.” [emphasis added]

The vulnerability was first identified by Cisco in September 2009, and it’s a serious one: a wide range of devices from Cisco “could have their TCP stated manipulated such that no new TCP sessions can be established, thereby resulting in a Denial of Service where the network device can no longer transmit data,” according to the report. Given the wide use of Cisco devices, eradicating the problem should be a high priority for network admins.

The report points out that “the prevalence of this ... security vulnerability suggests that for the majority of organizations, existing discovery and remediation processes are falling short of the mark.” It notes that “the 2010 assessment results showed that, apart from this particular threat, organizations had been patching fairly well, as the next four vulnerabilities were found in less than 20 percent of all devices.” With two-thirds of devices harboring a serious problem, I’m reminded of the question, “Other than that, Mrs. Lincoln, how was the play?”

The good news is that when it comes to hardware, IT is paying attention. “The percentage of devices in late stage end-of-life dropped from 58 percent last year to 47 percent this year, and those beyond [last day of support, after which vendor support ceases] dropped from 31 percent last year to 9 percent.”

The report also looked at configuration issues, reporting an average of 29 for all organizations examined. The firm used automated tool sets to compare configuration issues based on a “single, generic configuration policy set” derived from a variety of sources, including Cisco Safe Blueprint, ISO 17799, and PCI DSS (Payment Card Industry Data Security Standard). This is down from an average of 42 for last year. “One possible explanation for this improvement is that the global financial crisis -- which delayed many capital expenditure projects -- may have provided the opportunity for organizations to focus on enforcing configuration policies,” the report explains.

Even 29 may be too high. Data Dimension cautions that “Not only do certain configuration errors open the door for serious security threats and access violations, they also a leading culprit in terms of network availability. ... Other research has found that as much as 80 percent of application performance problems and network downtime can be attributed to configuration change or error, and surmises that over half of all major network failures may be caused by configuration errors.”

Dimension Data says its TLM assessment “provides organizations the compass they need to chart their IT asset landscape, enabling fundamental security, configuration, and end-of-life network device issues to be proactively addressed.” It must be working: those enterprises performing the assessment more frequently have fewer problems. “While the overall sample size was fairly consistent with previous years, repeat TLM assessment clients (25 percent of the sample) had a lower obsolescence rate (32 percent EoS [end of sale -- the date after which the product can no longer be purchases]) than [first]-time assessment clients (40 percent) and the overall average (38 percent).”

The complete report is available for download (short registration required) at www.dimensiondata.com/networkbarometer.

-- James E. Powell
Editorial Director, ESJ

Posted by Jim Powell on 05/23/2011