Business Snapshot: Security
Just as explorers introduced disease to previously isolated populations, opening up corporate systems has added a slew of challenges. Although security policies were originally designed to keep unwanted intruders out, they now must also let the right people in, and do it as quickly and seamlessly as possible.
The biggest threat, of course, is the Internet. U.S. companies currently spend just under half a percent of revenues securing networks and information. Over the next 10 years, Gartner Inc. predicts this number will rise to four percent. The driver is the Internet. Gartner says that by 2004, four out of five companies will use the Internet as a key part of their businesses. More telling, at least half of those companies will experience a financially significant loss as the result of security breaches through the Internet. There are three steps to building the essential security framework:
- Step 1: Firewall
- Step 2: Intrusion Detection and Monitoring
- Step 3: Virus Protection
Step 1: Pour the Firewall Foundation
Firewalls exist as appliances, software and integrated packages. They are one of the oldest security measures still in use. IBM’s SecureWay Firewall, for example, was developed by IBM research in 1985 and still protects the company’s own systems.
Firewalls serve as a barrier that permits only authorized traffic to pass back and forth. They do this by enforcing security policies, or predefined permissions, rules and roles. [See "Firewalls Fill the Gap" —Ed.]
Many companies resist taking a full-blown policy-based approach to security. Instead, they write security policies for individual applications. Security policy updates are thus time-consuming and tedious.
Security vendors are introducing tools and services to help companies formulate and manage their security policies centrally. The value of such an approach includes reduced design and implementation costs, lower operating costs and decreased operating risks.
The Threat from Within
A common misconception is that security breaches originate exclusively from outside the firewall. In fact, most network-enabled fraud comes from within the enterprise.
The Computer Security Institute (CSI) reports that between 60 and 80 percent of network misuse comes from within the enterprises affected by the misuse. Insider attacks, however, are on the decline. According to the CSI, the number of companies experiencing insider attacks fell from 54 percent in 1996 to 31 percent in 2001.
Step 2: Monitor for Intruders
Intrusion detection and monitoring systems alert network administrators to hacker, cracker and even Denial of Service (DoS) attempts. Many systems also provide the ability to document break-ins for future investigation.
Trends: Smarter Systems
Look for intrusion detection and monitoring systems that also provide preventative "vulnerability assessment" capabilities. These add-ons will scan systems to identify potential weak areas. Examples include Network Associates/PGP Security’s CyberCop Scanner for Windows NT/2000 and Intrusion.com’s Security Analyst.
Step 3: Inoculate Users
According to a survey by the Computer Security Institute, 94 percent of companies surveyed detected computer viruses in 2001. The importance of anti-virus software in any corporate security policy can’t be understated.
Although traditionally reserved for the home-user market, content filtering capabilities are being added to enterprise-level anti-virus tools as well. Content filtering tools help control content entering the network by scanning the subject and body of any e-mail.
To prevent users from spreading messages about potentially false viruses, which can take up valuable network traffic and system space, you might consider implementing a hoax-prevention policy. This can be as simple as keeping an up-to-date list of virus hoaxes on your intranet where users can access it. An example of such a list is available at: www.sophos.com/virusinfo/hoaxes
Ongoing Technical Concerns
Regardless of size, most companies are grappling with these common issues when it comes to implementing and updating their security policies:
Interoperability: The OPSEC protocol (from Checkpoint) aims to address this by providing interoperability among security products. Their interoperability with other corporate systems, however, remains a challenge.
Cost: As more studies quantify losses from security breaches, concern over initial security system costs will become less of an issue.
| Mid- to Large-Sized Firewall Vendors |
|Cisco Systems Inc.||www.cisco.com/warp/public/44/jump/secure.shmtl||Secure PIX Firewall||Windows NT|
|Computer Associates Int'l Inc.||www3.ca.com/Solutions||ETrust Firewall||Windows NT |
|CyberGuard Corp.||www.cyberguard.com/products/index_ie.asp||FireSTAR applicance, KnightSTAR appliance, STARLord appliance||Windoxs NT, UnixWare|
|IBM Corp.||www-4.ibm.com/software/security/firewall/||SecureWay Firewall||Windows NT, AIX|
|Network-1 Security Solutions Inc.||www.network-1.com/products/index.html||CyberwallPLUS suite||Windows NT/2000|
|Network Associates/PGP Security||www.pgp.com/products/gauntlet/default.asp||Gauntlet 6.0 Firewall||Solaris 8/SPARC or Ultra SPARC; HP-UX 11; Windows NT 4.0|
|Microsoft Corp.||www.microsoft.com/isaserver/||Internet Security and Acceleration (ISA) Server 2000||Windows 2000|
|RapidStream Inc.||www.rapidstream.com/html/products.html||Network Security Appliances||Windows 95, 98, NT and 2000; Solaris; Linux|
|Sun Cobalt (previously Progressive Systems)||www.cobalt.com/products/qube/adaptive.html||Adaptive Firewall||Any Java-compliant platform|
|Symantec Corp.||http://enterprisesecurity.symantec.com/||Enterprise Firewall; VelociRaptor Firewall Appliance||Windows NT, Windows 2000|
| Intrusion Detection Vendors |
|Cisco Systems Inc.||www.cisco.com/||Cisco Secure Intrusion Detection System (IDS), formerly NetRanger||Solaris, HP-UX, Windows NT|
|Intrusion.com Inc.||www.intrusion.com||SecureNet Pro software||Red Hat Linux 6.x|
|NetIQ Corp.||www.netiq.com/Products/Operations/Security_Manager/Default.asp||Security Manager||Windows NT, Windows 2000|
|Symantec (Axent)||http://enterprisesecurity.symantec.com/||Intruder Alert and NetProwler||Intruder Alert: Windows NT, Unix (Solaris, HP-UX, AIX, Tru64, NCR, etc.), and Novell NetWare; NetProwler: Windows NT|
| Anti-Virus Vendors |
|Deerfield.com||www.deerfield.com/products/||MailScan, GateMonitor||Windows 95, 98, NT 4.0, 2000|
|Network Associates||www.mcafeeb2b.com/products/desktop-protection.asp||McAfee VirusScan||Windows 95, 98, Me, 2000, NT 4.0; Unix|
|Sophos||www.sophos.com/products/antivirus/||Sophos Anti-Virus||Desktop: Windows 95, 98, 2000, ME, Windows 3.1x; OS/2; Macintosh, Server: Windows NT and 2000, Novell NetWare, OS/2, Unix, OpenVMS|
|Symantec||http://enterprisesecurity.symantec.com/||Symantec AntiVirus Solutions, Norton AntiVirus||Symantec: Windows 95, 98, NT, 2000; and NetWare. Norton: Windows 95, 98, NT, 2000, Windows Me; NetWare|