Business Snapshot: Security

Just as explorers introduced disease to previously isolated populations, opening up corporate systems has added a slew of challenges. Although security policies were originally designed to keep unwanted intruders out, they now must also let the right people in, and do it as quickly and seamlessly as possible.

Internet Threats

The biggest threat, of course, is the Internet. U.S. companies currently spend just under half a percent of revenues securing networks and information. Over the next 10 years, Gartner Inc. predicts this number will rise to four percent. The driver is the Internet. Gartner says that by 2004, four out of five companies will use the Internet as a key part of their businesses. More telling, at least half of those companies will experience a financially significant loss as the result of security breaches through the Internet.

There are three steps to building the essential security framework:

  • Step 1: Firewall
  • Step 2: Intrusion Detection and Monitoring
  • Step 3: Virus Protection

Step 1: Pour the Firewall Foundation

Firewalls exist as appliances, software and integrated packages. They are one of the oldest security measures still in use. IBM’s SecureWay Firewall, for example, was developed by IBM research in 1985 and still protects the company’s own systems.

Firewalls serve as a barrier that permits only authorized traffic to pass back and forth. They do this by enforcing security policies, or predefined permissions, rules and roles. [See "Firewalls Fill the Gap" —Ed.]

Trends: Centralize

Many companies resist taking a full-blown policy-based approach to security. Instead, they write security policies for individual applications. Security policy updates are thus time-consuming and tedious.

Security vendors are introducing tools and services to help companies formulate and manage their security policies centrally. The value of such an approach includes reduced design and implementation costs, lower operating costs and decreased operating risks.

The Threat from Within

A common misconception is that security breaches originate exclusively from outside the firewall. In fact, most network-enabled fraud comes from within the enterprise.

The Computer Security Institute (CSI) reports that between 60 and 80 percent of network misuse comes from within the enterprises affected by the misuse. Insider attacks, however, are on the decline. According to the CSI, the number of companies experiencing insider attacks fell from 54 percent in 1996 to 31 percent in 2001.



Step 2: Monitor for Intruders

Intrusion detection and monitoring systems alert network administrators to hacker, cracker and even Denial of Service (DoS) attempts. Many systems also provide the ability to document break-ins for future investigation.

Trends: Smarter Systems

Look for intrusion detection and monitoring systems that also provide preventative "vulnerability assessment" capabilities. These add-ons will scan systems to identify potential weak areas. Examples include Network Associates/PGP Security’s CyberCop Scanner for Windows NT/2000 and’s Security Analyst.

Step 3: Inoculate Users

According to a survey by the Computer Security Institute, 94 percent of companies surveyed detected computer viruses in 2001. The importance of anti-virus software in any corporate security policy can’t be overstated.

Although traditionally reserved for the home-user market, content filtering capabilities are being added to enterprise-level anti-virus tools as well. Content filtering tools help control content entering the network by scanning the subject and body of any e-mail.

Trends: Scare-Savvy

To prevent users from spreading messages about potentially false viruses, which can take up valuable network traffic and system space, you might consider implementing a hoax-prevention policy. This can be as simple as keeping an up-to-date list of virus hoaxes on your intranet where users can access it. An example of such a list is available at:

Ongoing Technical Concerns

Regardless of size, most companies are grappling with these common issues when it comes to implementing and updating their security policies:

Interoperability: The OPSEC protocol (from Check Point) aims to address this by providing interoperability among security products. The interoperability of security products with other corporate systems, however, remains a challenge.

Cost: As more studies quantify losses from security breaches, concern over initial security system costs will become less of an issue.

Mid- to Large-Sized Firewall Vendors
  • Cisco Systems PIX Firewall. Platform served: Windows NT
  • Computer Associates Int'l Firewall. Platform served: Windows NT
  • CyberGuard appliance, KnightSTAR appliance, STARLord appliance. Platform served: Windows NT, UnixWare
  • IBM Firewall. Platform served: Windows NT, AIX
  • Network-1 Security Solutions suite. Platform served: Windows NT/2000
  • Network Associates/PGP 6.0 Firewall. Platform served: Solaris 8/SPARC or Ultra SPARC; HP-UX 11; Windows NT 4.0
  • Microsoft Security and Acceleration (ISA) Server 2000. Platform served: Windows 2000
  • RapidStream Security Appliances. Platform served: Windows 95, 98, NT and 2000; Solaris; Linux
  • Sun Cobalt (previously Progressive Systems) Firewall. Platform served: Any Java-compliant platform
  • Symantec Corp. Firewall; VelociRaptor Firewall Appliance. Platform served: Windows NT, Windows 2000

Intrusion Detection Vendors
  • Cisco Systems Secure Intrusion Detection System (IDS), formerly NetRanger. Platform served: Solaris, HP-UX, Windows NT
  • Inc. (www.intrusion.com) SecureNet Pro software. Platform served: Red Hat Linux 6.x
  • NetIQ Manager. Platform served: Windows NT, Windows 2000
  • Symantec (Axent) Alert and NetProwler. Platform served: Intruder Alert: Windows NT, Unix (Solaris, HP-UX, AIX, Tru64, NCR, etc.), and Novell NetWare; NetProwler: Windows NT

Anti-Virus Vendors
  • GateMonitor. Platform served: Windows 95, 98, NT 4.0, 2000
  • Network VirusScan. Platform served: Windows 95, 98, Me, 2000, NT 4.0; Unix
  • Anti-Virus. Platform served: Desktop: Windows 95, 98, 2000, ME, Windows 3.1x; OS/2; Macintosh, Server: Windows NT and 2000, Novell NetWare, OS/2, Unix, OpenVMS
  • Symantec AntiVirus Solutions, Norton AntiVirus. Platform served: Symantec: Windows 95, 98, NT, 2000; and NetWare. Norton: Windows 95, 98, NT, 2000, Windows Me; NetWare