Cyber Security Institute

Friday, August 20, 2004

Protection From the Perimeter to the Core

A decade ago, Internet security pioneer Bill Cheswick proposed a network security model that he famously characterized as a “crunchy shell around a soft, chewy center.”  Today, as more and more “outsiders”—remote users, business partners, customers, contractors—require access to corporate networks, enterprises are finding the idea of a “soft center” obsolete, if not downright dangerous.

Consider this: Gartner Inc. estimates that more than 70 per cent of unauthorized access to information systems is committed by employees, as are more than 95 per cent of intrusions that result in significant financial losses.  The “2003 Computer Crime and Security Survey,” meanwhile, compiled by the Computer Security Institute and the FBI, found that 62 per cent of respondents reported a security incident involving an insider, up from 57 per cent in 2002.  In such an environment, which is also increasingly beset by so-called blended threats that dynamically target the vulnerabilities of isolated security products, enterprises must adopt an integrated strategy that addresses network security at all tiers: gateway, server, and client.

The traditional perimeter firewall no longer provides adequate protection against intrusions and threats.  In part that’s because the very definition of “perimeter” has become blurred.  The addition of remote access servers, peer connections to partners’ networks, VPN servers, and wireless access points means that a once well-defined network boundary is no longer so well-defined.  As a result, there are now multiple outside paths into the corporate network.

Integrated security uses the principles of defense in depth and employs complementary security functions at multiple levels within the IT infrastructure.  By combining multiple functions, integrated security can more efficiently protect against a variety of threats at each tier to minimize the effects of network attacks.

Secures connections beyond the perimeter, enabling organizations to safely communicate across the Internet.

With these security technologies integrated into a single solution, an enterprise is better able to withstand a modern-day network threat, be it a malicious code attack, a denial-of-service attack, unauthorized access (either internal or external), or a blended threat.

A client firewall that also includes intrusion detection and antivirus technology works this way: as information is received by the client, it is passed through the client firewall and scanned for network attacks and viruses by the intrusion detection and antivirus technologies.

Moreover, proper controls can be put in place so that, should an incident occur, they can act in a timely fashion.

Enterprises should have a policy outlining their information assets and all access rights to that information.

If relationships with outside contractors call for them to access the network, make sure the access is designated only for the specific services required.

Posted on 08/20