Open source software for perimeter defense - Security

Computer Technology Review, August, 2003 by Elizabeth M. Ferrarini

The host of a technology radio show in Boston recently tried to strike fear into the hearts of every systems administrator when he said, "You can't stop cyber-terrorism from attacking your network. What are you doing about it?" Although this topic has garnered a lot of national media attention, the talk show host didn't get many takers. Perhaps he should have said instead, "How can you make your network more secure from the outside world?"

The bottom line is this: You can't do anything about cyber-terrorism. On the other hand, for the past three years, systems administrators have been facing four basic security challenges. So, relax, and just focus on them:

* Define your processes and educate your staff and your employees.

* Secure your systems themselves.

* Lock down the perimeters and enforce security guidelines.

* Never stop updating your security systems.

If you do these four things, you'll probably be better off than most of the organizations in the world.

The Value of Perimeter Security

The more your organization depends on electronic communications via the Internet, the more you have to lock down the perimeter or the border between your secure internal networks and any outside networks. Of course, you first want to lock down your internal networks and then think about opening them up for some services or opening up some ports to outside networks.

You also need to continuously update all of your security systems that protect your perimeter. In fact, the majority of systems that get hacked haven't been updated. For example, a year before the Slapper virus for the Windows SQL server made headlines, Microsoft had the patch available on its website. Few systems administrators took the time to get it and update their SQL server.

A good perimeter security technology strategy focuses on six areas:

* Access Control: Your different networks connect to a firewall which, in turn, acts as border control for who can access what and where.

* Authentication: This capability tells you who is coming to the firewall and verifies that they are who they say they are.

* Secure Remote Access: If you have a firewall at the perimeter, remote employees can't access the internal network because it is locked down. However, secure remote access capability enables employees to dial up the firewall over the Internet, and then have the firewall authenticate their access to the internal network.

* Content Security: Without this capability, the firewall allows employees to surf the Web, but doesn't control where they go. This capability equips the firewall with an application layer which scans and checks where employees go on the Web. This application layer can also scan for viruses, protect against spam, and block employees from going to filtered URLs.

* Traffic encryption: This capability secures remote traffic by encrypting the data between the remote location and the final network destination.

* Alarming or Intrusion Detection: This capability looks into your firewall to see if there are any traffic anomalies. If so, the systems administrator receives an alarm immediately.

Evaluating Perimeter Security Technologies

When it comes to evaluating perimeter security technologies, most systems administrators tend to concentrate on looking at hard parameters, such as features, performance, price, ease of use, third-party endorsement, and certification. But how many systems administrators fail to question how secure the product really is? Don't assume that all security products are really secure!

While hard parameters are important, you should place equal, if not more, emphasis on evaluating soft parameters. These include product and author integrity, ease of update, ease of setup, and all-in-one security solution. Many companies quietly go about sealing holes in the security products by putting upgrades in the next product release. So, you might not be aware there's a problem unless a virus epidemic occurs. In the meantime, if the vendor doesn't provide you an easy way to keep your product up to date, your systems can become prey to hackers. If you have systems running on different platforms, you'll need to spend time tracking updates for each platform, and then doing the maintenance work. Likewise, if you have trouble configuring a system, then expect to have questionable security.

Tight IT budgets have forced many systems administrators to think total cost-of-product acquisition, rather than total cost of ownership. This thinking can result in poor, reactive choices. Today, you need a firewall to protect your perimeter. So you opt for the most inexpensive one. You'll worry about cost of ownership later. What about the other technologies you need for airtight perimeter security? Products that handle all security functions, in the long run, provide a lower cost-of-product acquisition than the collective price of individual security solutions. An all-in product enables you to update all of your systems at the same time, thus reducing your total cost of ownership.

 

Content provided in partnership with Thompson Gale