September 17, 2003

Network security, or rather insecurity, is a growing concern among most organizations. While Internet connectivity has been a boon for most businesses, it has also helped spread malicious code across the globe within minutes. New and more advanced hacking methodologies are forcing companies to devise proper network security strategies. Here, we’ll look at the key concern areas in security, new developments that are taking place, and finally, how to protect your network and critical data from attacks. 

Key concerns
Today, the key concern in network security for most organizations is malicious code. This consists of worms, viruses, Trojans and their other cousins like Java and ActiveX controls. Most malicious code spreads through email and can infect any network within minutes, causing networks to go down, which ultimately leads to loss of business. The biggest problem with these worms is that they can mutate to evade detection by anti-virus software. As it is, a new virus or worm would enter your network and cause damage. Worse still, by the time a patch is developed for it, and it’s been cleaned from the network, the virus mutates into something else and continues delivering its payload. So, there would be at least 20 to 30 different variations of the same virus making their rounds on your network.

While malicious code has become the prime security concern, one must not forget the remaining forms of security breaches.

Windows and Linux introduced the largest number of patches this year, making it difficult to decide which one to really choose. 

Other major security concerns today include cracking, internal theft of information, corporate espionage, and of course automated programs that keep a lookout for open ports on various networks.

New Developments
On the firewall front, a new type of firewall has started becoming popular, called the web application firewall. A regular firewall would block all open ports to your network, leaving open only the ones you need. The most common amongst them is port 80, which is used for HTTP traffic. A common type of attack is a modified HTTP request that forces the server to yield some useful information, or a long URL sent to cause buffer overruns. Web application firewalls are supposed to block such port 80 attacks using the same technique as used to fight spam: blacklists and whitelists. Another development on the firewall front is building in support for IPv6. Most firewall majors have added this to their products, even though the use of IPv6 is still very limited.
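
The black list and white list filtering described above can be sketched as a check on each HTTP request line. This is an added example, not code from the article or from any firewall product; the paths, patterns, length limit and sample requests are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Every value here is an illustrative assumption, not taken from any product.
MAX_URL_LEN = 2048                      # cap on request-target length
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
# White list: the only paths this (hypothetical) site serves.
ALLOWED_PATHS = [re.compile(p) for p in (
    r"/", r"/index\.html", r"/products/\d+", r"/search")]
# Black list: request content that is never legitimate for this site.
DENY_PATTERNS = [re.compile(p, re.I) for p in (
    r"\.\./", r"\x00", r"<script", r"/etc/passwd")]

def inspect_request(request_line: str) -> tuple[bool, str]:
    """Return (allowed, reason) for one HTTP request line."""
    parts = request_line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return False, "malformed request line"
    method, target, _version = parts
    if method not in ALLOWED_METHODS:
        return False, "method not allowed"
    if len(target) > MAX_URL_LEN:       # oversized URLs are dropped unparsed
        return False, "URL too long"
    decoded = unquote(target)           # match encoded payloads as well
    if any(p.search(target) or p.search(decoded) for p in DENY_PATTERNS):
        return False, "blacklisted pattern"
    path = unquote(target.split("?", 1)[0])
    if not any(p.fullmatch(path) for p in ALLOWED_PATHS):
        return False, "path not whitelisted"
    return True, "ok"

# Constructed sample request lines (not captured traffic).
SAMPLES = [
    "GET /products/42 HTTP/1.1",
    "GET /search?q=%3Cscript%3E HTTP/1.1",
    "GET /" + "A" * 5000 + " HTTP/1.0",
    "TRACE / HTTP/1.1",
    "GET /admin HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(inspect_request(line), line[:40])
```

The white list check runs last, so a request must pass the black list and still name a path the site actually serves; a regular port-based firewall would have passed all five samples, since they all arrive on port 80.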

There have been new developments in hardware as well, a case in point being the new Sentry 5 switch processors. The chip integrates VPN, Fast Ethernet switching, IPSec processing, and MIPS processing, all inside a single router chip. The advantage is that what it took four different chips to perform will now be done using a single chip. This would reduce the complexity of the hardware, reduce its power consumption, and best of all, bring down the cost. The impact of such chips will be the growth of hybrid hardware that will combine security functions into routers and switches.

This year saw the rise of flash worms, or automated attack programs. The case in point was the SQL Slammer worm, which was supposed to have spread to 90% of all vulnerable servers in the first ten minutes of its release on the Internet.

Chief Concerns
Malicious code like viruses, worms, Trojans, Java, and ActiveX controls
Internal data theft, misuse
Automated attack programs
External attacks like port scans, spoofing, etc.

With the growth of wireless networking, security is becoming a key concern. Wireless gives attackers another, and possibly easier, point of entry into enterprise networks. Currently, the primary security feature built into most wireless products is WEP. For additional security, another standard, called 802.1x, has been introduced. This standard, along with a server running RADIUS, is used to authenticate all wireless clients. While this security mechanism is secure, it is far more expensive to implement.

Fighting back
With the continued onslaught of malicious code, which causes significant loss to business, patch management has started gaining importance. A lot of software companies are coming out with tools that will help organizations detect everything that’s missing important patches. This becomes important because security vulnerabilities could lie anywhere, from your desktops to your servers to even your hardware devices like firewalls.

Today, simply putting a firewall in place is not enough to secure a network. It might prevent an attacker from entering your network, whether it’s a human or an automated program. However, there are other ports of entry into a network today, the most common one being mail. For instance, the Nimda virus entered networks through e-mail, and then spread itself like spam and caused other damage. So, besides a firewall, you would also need to protect your mail server, file servers, remote access servers, and of course the clients. First of all, you would need anti-virus software installed on all machines on your network, including desktops and servers. You could also need anti-spam software on your mail

Lastly, network security is more than setting up a bunch of products. Today, the number of threats has increased. Therefore, it’s important for companies to start planning out proper strategies for their networks and put policies in place. 

By Anil Chopra
