Focus turns to network security: while many consider the telecoms infrastructure a vulnerable target for terrorists, the more immediate threats are attacks by individual hackers and authors of malicious code, which are presenting new security challenges for service providers

Telecom Asia, Jan, 2005 by Dan Sweeney

But I don't want to suggest that system vulnerabilities are confined to the public Internet. People bring viruses and Trojans behind the firewall on their laptops.

Let's look at external threats to IP networks for a moment.

I think they're best dealt with higher up in the stack if possible. If you have a situation where the router is trying to examine every packet for dangers, the basic function of the router in switching packets is going to be compromised.

If we can change the topic slightly, do you see carriers successfully selling managed security services?

We certainly are. We're really moving ahead there. The customer may want us to manage his firewall. They're also very concerned about spam. They may want us to restrict access in instant messaging and control the presence that an individual has on the Web. For instance, an individual may choose to be present for paging but not for email or vice versa. Or present for email but not for voice. In an IP network all of those aspects can be controlled.

What impact do you see national security policies having on public network security policies?

Governments are wrestling with the implications of the change from circuit to packet and the convergence of communications networks. It's relatively difficult to intercept packet transmissions because the packets can take different routes, so you end up having to look at everything. Where do you store all that data and how do you analyze it?

So, given all the difficulties you've described in securing both public and enterprise networks, is there any one approach to security?

What I call cyber hygiene, the notion that security is everyone's business and that everyone using a computer in an organization should set aside a little time every day to tending to security matters. If everyone did that there'd be a lot fewer problems.

Dave Passmore

Research director for

Burton Group's

telecoms division

What is the biggest security issue for public networks today?

Probably worms and viruses ... no, I'd go beyond that. The world is becoming increasingly IP-centric, and that's taking us out of the world of proprietary operating systems that characterized circuit networks. General purpose operating systems are easily exploited.

How do you see carriers responding to this?

I think they're figuring out that there's a big business in managed security services especially to large enterprise customers. They're coming at it from that end rather than trying to police the whole network.

Do you think they'll succeed with such services?

It's an issue of the customer's willingness to pay. Is the enterprise willing to undertake the complex administration of an effective security system to save on monthly charges from the service provider? If you're going to do that, you really need to have a separate network security department. You can't expect the IT department to do it on the side.

Which service providers are succeeding with managed security services?

Not that many yet. They have to convince the subscriber that there are certain functions that only they can perform effectively.