Protect Network Security Proactively - Technology Information

Computer Technology Review, April, 2001 by Eric Ogren

Today's modern, high-performance network demands a security system that prevents potentially damaging attacks before they invade corporate networks and files. Twenty-first century business processes require corporations to open their networks to a range of suppliers, partners, customers, and organizations. In this environment it is more important than ever that organizations keep their networks up and running. Downtime is not only a deterrent to business, but costly. Due to the time and cost of getting a network back online, recovering data, investigating the attack, and making the necessary reparations it's clear that keeping a system functioning in the presence of new and evolving security threats is vital.

Traditional reactive security solutions, such as firewalls, intrusion detection, and anti-virus products, have limitations. These tools scan for configuration weaknesses and detect attacks but do not necessarily prevent them. Most are dependent on the end user to download updates. Often produced daily, these updates are difficult to keep up with and can also impede system performance. While one might assume that a combination of these products would offer highly secure solutions, in reality most products do not integrate well. As a result, enterprise security management has become an administrative nightmare.

This article discusses the new common sense, proactive approach to security required to effectively protect critical network systems. It outlines the traditional reactive security solutions currently available on the market and explains how to make a smooth transition from a reactive security approach to a proactive defense. It also demonstrates how to effectively and efficiently change corporate mindset so that management will consider security not merely as overhead, but as a vital investment that is essential to the successful operation of the enterprise.

The Evolution Of Attacks

Despite the best efforts of security officers, internal corporate computing resources are being penetrated every day, with attacks spreading at the speed of communications, to paralyze other resources on the network. The work of a hacker is never done; as a result, Denial of Service (DoS), defacement attacks and malicious code surround and reside in enterprise networks, proliferating ad infinitum. Recent events surrounding Microsoft's admission that their corporate network--and ultimately their product development source code--was hacked provides further evidence of the need for a new approach to security. DoS attacks also have disrupted corporate giants such as Yahoo, eBay, and Amazon, as well as government entities including the FBI.

Increased Internet use, mobile computing, intranets and extranets, and e-commerce initiatives are integral to business communications. As enterprises open up their networks to enable these vital e-business processes, points of entry for cyber attacks emerge. These attacks mutate and sneak past traditional static defenses to corrupt file systems, and can spread to thousands of computers in a matter of minutes, opening multiple electronic entrances to internal network resources.

With so many new, sophisticated, and deliberate attacks facing traditionally reliable security measures, today's enterprise can no longer afford to adjust reactively. Today's enterprise demands a proactive security solution for protecting network resources.

Virtually every attack follows a natural evolution. The table indicates the anatomy of how an attack progresses, from inception to infection and resulting damage. Protection in any one area is simply not enough defense against current attacks. Attacks must be identified and repelled before they can evolve.

Reactive Security Approach

The security market has grown reactively over the years in an effort to keep pace with the evolving security needs of an increasingly distributed computing environment. Consequently, today's security market is segmented, with many different vendors selling a wide range of security products. And yet, despite the continued reliance on firewalls, anti-viral scanners, vulnerability scanners, and intrusion detectors, a whopping 90% of organizations have been breached with reported losses totaling a staggering $265M in the last year, according to a recent Computer Security Institute poll.

A traditional reactive security strategy relies primarily on perimeter defenses, which, once compromised, pass the security burden onto subsequent layers of reactive scanning and detection technologies. While certain point products do address relatively elementary tasks associated with enterprise operations, very few have actually evolved to manage highly sophisticated attacks and the sheer volume of evolving, ever-changing threats in today's business environment. Following are three examples of existing security point products and their inherent limitations.

Firewalls. Considered a "perimeter" security solution, a firewall typically sits at the primary connection point to an outside network or the Internet. Network connections are forced to pass through a firewall for examination--accepted or rejected based on network access policy rules. Firewalls are widely used to give users access to the Internet in a secure fashion as well as to separate a company's public Web server from its internal network. They are also used to keep internal network segments secure.