Network Security

The threat is real

The amount of unauthorized information security events rose in 2000. According to a recent study by the Computer Security Institute and the Federal Bureau of Investigation, a staggering 70% of organizations surveyed reported a security incident. This figure is up from 42% reported in 1996. Most security experts feel that these numbers are under-inflated, as there are many motivations for organizations to avoid reporting incidents. Many organizations also lack the technical expertise to detect and react to network security events, which also lowers the number. There are many reasons for the increase in risk over the past few years.

Everything is on the net

Usually as a cost savings, many companies have migrated key information and business resources to the Internet. This has exposed sensitive corporate information. There are many examples of credit card databases, customer lists and other thefts of intellectual property in the media today. Telecommuters can typically access their entire corporate Intranet from the comfort of their home office. Unfortunately, when hackers compromise those systems, they can access the corporate data to.

Firewalls and VPNs are not enough

Deploying firewalls and virtual private networks throughout a network, or to securely allow remote sites and users to communicate is a good thing. A correct firewall policy can minimize the exposure of many networks. However, most experts compare today's firewall to the France's Maginot line of World War II. Hackers are evolving their attacks and network subversion methods. These techniques include email based Trojan horses, stealth scanning techniques and actual attacks which bypass firewall policies by tunnelling access over allowed protocols such as ICMP or DNS. Hackers are also very good at using the the ever growing list of application vulnerabilities to compromise the few services that are being let through by a firewall.

The amount of new vulnerabilities is increasing

The amount of traffic posted to vulnerability mailing lists such has BUGTRAQ has exploded over the past year. The amount of information on network vulnerabilities is so pervasive, companies such as SecurityFocus and Ernst & Young, commercial sell subscriptions to vulnerability digests, automatically tailored to a company's profile of operating systems and network hardware. Vulnerabilities are also showing up in security equipment, such as firewalls and even IDS equipment.

Hackers are getting smarter

Although many network scanning and attacking techniques have been known of for several decades, it is only recently that the tools to conduct sophisticated analysis of a target network has become available to the masses. For example, the port scanners which were publicly available in the early 90s would simply attempt to connect to a target machine on every port to build a list of potential active ports. Modern port scanners include operating system identification, can target entire ranges of IP addresses and even send in decoy scans to make it more difficult for the target to identify who the scanner source really is.

Hackers have also attempted to target IDS products by either saturating them or writing tools that will confuse an IDS. The fact that hackers are incorporating anti-IDS techniques in their arsenal of tools places them a step ahead of an organization which does not even have an IDS!