Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Wednesday, December 15, 2004

Survivor’s Guide to 2005: Security

Security has become so critical to enterprise networking that it’s developing along several different lines simultaneously.

Like many migrations, these are spurred by outside forces ranging from increasingly active malware writers to regulatory pressure from Gramm-Leach-Bliley (GLB), HIPAA, Sarbanes-Oxley and other industry-specific rules.

Functions are migrating from passive (sounding the alarm when something goes wrong) to active (preventing a wide range of intrusions and vulnerability exploits).

Controls are migrating from the individual, with each security function operating as an island, to the centralized, with access control and policy-enforcement frameworks linked to one another and to the remainder of the network infrastructure.

As the concept of network perimeter loses its meaning, the most important method you can use to safeguard your network in 2005 is multilayer protection.  Regardless of the specific piece of network protection taking most of your attention this year, you should plan for it to be one of many layers of security, rather than a global network-protection cure-all.

The good news is that most of these developments encourage the network to take a more active role in its own defense, while giving you, the administrator, more centralized control, more finely calibrated responses, and more information about what’s going on with attacks and reactions.

The bad news is that the promises are based on sometimes-competing new alliances and standards.

Betting on the wrong alliance or standard could leave you changing directions (and components) mid-migration—a consideration that takes on greater weight as security components are increasingly integrated into the core network infrastructure.

Intrusion detection systems, the primary source of warnings that attacks are under way, are critical pieces of network-security infrastructure, providing detailed records of attacks, intrusions and unexpected network activity.  For most enterprises, the IDS has become the central piece of security hardware, and certainly the most visible piece to the staff.  Without an IDS, the security staff must gather forensic information from firewall, server and router log files; even with one, those logs remain the corroborating evidence behind an alert, so keep collecting and retaining them.

Schemes such as Cisco’s Network Admission Control (NAC) and Microsoft’s Network Access Protection (NAP), whose primary job is to check the posture of an endpoint before admitting it to the network, also have IDS and firewalls sharing some of the features of an IPS (intrusion prevention system): the IDS feeds detection information to a central authority, which then instructs the firewall to reset connections and block addresses.

As a piece of a multilayer security approach, an IPS can join the IDS, enterprise firewall, desktop firewall and application firewall to protect your key network assets.  Remember that an IPS acts on its detections, so every false positive becomes a dropped legitimate session; for some organizations, blocking even one piece of legitimate traffic is unacceptable, which argues for running new signatures in detect-only mode and tuning them before enabling blocking.

As an incremental tool that can help cut down on the volume of attack traffic, intrusion prevention from vendors including Check Point Software, Internet Security Systems, Lucid Security, Radware and Tipping Point should be seriously explored in 2005.
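The detect, decide, enforce loop described above (IDS alerts feeding a central policy point that instructs the firewall) is small enough to sketch end to end. The following is an added example, not code from the article or from any of the NAC, NAP or IPS products it names; the Snort-style alert format, the signature IDs, the threshold, the allowlist and the sample alerts are all constructed for illustration. The allowlist is the practical answer to the false-positive problem: a known legitimate source, such as the in-house vulnerability scanner, trips the same signatures as an attacker but must never be blocked.

```python
"""Toy policy controller: IDS alerts in, firewall instructions out.

Added example; not code from the original article or from any NAC/NAP or
IPS product it mentions.  The alert format, signature IDs, thresholds and
allowlist below are assumptions made for illustration.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample alerts in an assumed Snort-like "fast" format:
#   timestamp [gid:sid] "message" src:port -> dst:port
SAMPLE_ALERTS = """\
12/15-10:00:01 [1:2001] "SCAN nmap TCP" 203.0.113.7:51234 -> 192.0.2.10:22
12/15-10:00:02 [1:2001] "SCAN nmap TCP" 203.0.113.7:51235 -> 192.0.2.10:23
12/15-10:00:03 [1:2001] "SCAN nmap TCP" 203.0.113.7:51236 -> 192.0.2.10:25
12/15-10:00:09 [1:3003] "WEB-IIS cmd.exe access" 198.51.100.5:40001 -> 192.0.2.20:80
12/15-10:00:10 [1:3003] "WEB-IIS cmd.exe access" 198.51.100.5:40002 -> 192.0.2.20:80
12/15-10:00:15 [1:2001] "SCAN nmap TCP" 192.0.2.50:6000 -> 192.0.2.10:443
12/15-10:00:16 [1:2001] "SCAN nmap TCP" 192.0.2.50:6000 -> 192.0.2.10:8080
12/15-10:00:17 [1:2001] "SCAN nmap TCP" 192.0.2.50:6000 -> 192.0.2.10:8443
this line is not an alert and must be ignored, not trusted
"""

ALERT_RE = re.compile(
    r'^(?P<ts>\S+) \[(?P<sid>\d+:\d+)\] "(?P<msg>[^"]*)" '
    r'(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$'
)


@dataclass(frozen=True)
class Alert:
    ts: str
    sid: str
    msg: str
    src: str
    sport: int
    dst: str
    dport: int


def parse_alerts(text):
    """Parse alert lines; malformed lines are skipped rather than acted on."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if m is None:
            continue
        g = m.groupdict()
        alerts.append(Alert(g["ts"], g["sid"], g["msg"], g["src"],
                            int(g["sport"]), g["dst"], int(g["dport"])))
    return alerts


@dataclass(frozen=True)
class Policy:
    block_threshold: int = 3                           # alerts from one source before it is blocked
    reset_sids: frozenset = frozenset({"1:3003"})      # signatures whose connections get reset
    allowlist: frozenset = frozenset({"192.0.2.50"})   # assumed in-house vulnerability scanner


def decide(alerts, policy):
    """Central authority: turn alerts into (action, target) decisions.

    Returns (decisions, suppressed): decisions holds ("reset", alert) and
    ("block", source_ip) entries; suppressed lists sources that met the
    policy but are allowlisted, so an operator can review them.
    """
    by_src = defaultdict(list)
    for a in alerts:
        by_src[a.src].append(a)
    decisions, suppressed = [], []
    for src, hits in by_src.items():
        serious = [a for a in hits if a.sid in policy.reset_sids]
        would_act = serious or len(hits) >= policy.block_threshold
        if src in policy.allowlist:
            if would_act:
                suppressed.append(src)
            continue
        decisions.extend(("reset", a) for a in serious)
        if len(hits) >= policy.block_threshold:
            decisions.append(("block", src))
    return decisions, suppressed


def render_iptables(decisions):
    """Translate decisions into firewall instructions (Linux iptables syntax)."""
    cmds = []
    for action, target in decisions:
        if action == "block":
            cmds.append(f"iptables -I INPUT -s {target} -j DROP")
        elif action == "reset":
            a = target
            cmds.append(f"iptables -I INPUT -p tcp -s {a.src} --sport {a.sport} "
                        f"-d {a.dst} --dport {a.dport} -j REJECT --reject-with tcp-reset")
    return cmds


def run(text=SAMPLE_ALERTS, policy=Policy()):
    decisions, suppressed = decide(parse_alerts(text), policy)
    return render_iptables(decisions), suppressed


if __name__ == "__main__":
    commands, skipped = run()
    print("\n".join(commands))
    print("suppressed (allowlisted):", skipped)
```

On the sample input the scanner at 203.0.113.7 crosses the threshold and is blocked outright, the two cmd.exe probes from 198.51.100.5 get their connections reset but the source is not yet blocked, and 192.0.2.50 would have been blocked but is allowlisted and only reported. In a real deployment the threshold and the allowlist are exactly the knobs you tune while the system still runs in detect-only mode.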

The various governmental regulations, including HIPAA and GLB, make it business-critical for a company to protect customer and patient data from any theft or intrusions, and make it just as important that the company demonstrate that the protection is in place and effective.

Ask any vendor claiming to have an enterprise policy framework how many companies have partnered with them to let their products be queried and/or controlled by the central management console.  The partnership issue should be more readily resolved by the industry giants that have introduced their own policy and access-control systems.

Both Cisco Systems with its NAC and Microsoft with NAP are building network-control frameworks on the basis of technology and products that are already in the field, though neither company expects to have production deployments before the middle of 2005.

At the same time, standards bodies have begun the work: the role-based access control model developed at the National Institute of Standards and Technology (NIST) was approved as ANSI INCITS 359-2004 in February 2004, and other organizations have committees beginning to look at the requirements for standards.
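The standard cited above describes access control in terms of users, roles, permissions, sessions and a role hierarchy. The following is an added example, not code from the article, from NIST or from the standard itself; the roles, users, permissions and session names are constructed to show how those pieces fit together, and in particular why it is session activation, not role assignment, that delivers least privilege.

```python
"""Role-based access control in the shape of ANSI INCITS 359-2004
(core RBAC plus a role hierarchy).

Added example; not code from the article, from NIST or from the standard.
All roles, users, permissions and session names are constructed.
"""
from collections import defaultdict


class RBAC:
    def __init__(self):
        self.user_roles = defaultdict(set)   # UA: user -> roles the user is assigned
        self.role_perms = defaultdict(set)   # PA: role -> {(operation, object)}
        self.juniors = defaultdict(set)      # RH: role -> roles it inherits from
        self.sessions = {}                   # session id -> (user, activated roles)

    # --- administrative functions ---
    def add_role(self, role, inherits=()):
        self.juniors[role].update(inherits)

    def assign_user(self, user, role):
        if role not in self.juniors:
            raise KeyError(f"unknown role {role!r}")
        self.user_roles[user].add(role)

    def grant_permission(self, role, operation, obj):
        if role not in self.juniors:
            raise KeyError(f"unknown role {role!r}")
        self.role_perms[role].add((operation, obj))

    # --- supporting system functions ---
    def authorized_roles(self, role):
        """The role plus everything it inherits, transitively."""
        seen, stack = set(), [role]
        while stack:
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                stack.extend(self.juniors.get(r, ()))
        return seen

    def create_session(self, session_id, user, roles):
        """Activate a subset of the user's assigned roles.  Least privilege
        is the caller activating the smallest subset that does the job."""
        roles = frozenset(roles)
        if not roles <= self.user_roles.get(user, set()):
            raise PermissionError(f"{user} may not activate {sorted(roles)}")
        self.sessions[session_id] = (user, roles)

    def check_access(self, session_id, operation, obj):
        """True if any active role, or a role it inherits, holds the permission."""
        _user, active = self.sessions[session_id]
        return any((operation, obj) in self.role_perms.get(r, ())
                   for a in active for r in self.authorized_roles(a))


def demo():
    """Constructed scenario: a clinic's billing department."""
    rbac = RBAC()
    rbac.add_role("employee")
    rbac.add_role("billing_clerk", inherits=["employee"])
    rbac.add_role("billing_manager", inherits=["billing_clerk"])
    rbac.grant_permission("employee", "read", "intranet")
    rbac.grant_permission("billing_clerk", "read", "patient_billing")
    rbac.grant_permission("billing_manager", "approve", "refund")

    rbac.assign_user("alice", "billing_manager")
    rbac.assign_user("alice", "employee")
    rbac.assign_user("bob", "employee")

    rbac.create_session("alice-desk", "alice", ["billing_manager"])
    rbac.create_session("alice-kiosk", "alice", ["employee"])   # least privilege
    rbac.create_session("bob-desk", "bob", ["employee"])
    results = {
        "alice approves refund": rbac.check_access("alice-desk", "approve", "refund"),
        "alice reads intranet via hierarchy": rbac.check_access("alice-desk", "read", "intranet"),
        "alice kiosk approves refund": rbac.check_access("alice-kiosk", "approve", "refund"),
        "bob reads billing": rbac.check_access("bob-desk", "read", "patient_billing"),
    }
    try:  # bob is not assigned billing_manager, so he cannot activate it
        rbac.create_session("bob-escalate", "bob", ["billing_manager"])
        results["bob escalates"] = True
    except PermissionError:
        results["bob escalates"] = False
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The hierarchy saves administrators from re-granting "employee" permissions to every senior role, while the session check is what stops a user from running routine work with every role they hold switched on. A real deployment adds the constraints the standard also covers (separation of duty between conflicting roles), which this sketch leaves out.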

SSO across a global enterprise and all its myriad applications isn’t going to happen in 2005 and probably won’t happen in 2006.

“Thumb drives,” small USB storage devices, have replaced floppy disks as the portable storage medium of choice for mobile professionals carrying presentations, software updates or small applications from office to office.  The same convenience makes them a security concern: data leaves and malware arrives through a port that no network perimeter control ever sees, so removable-storage policy and endpoint controls deserve a place in your 2005 plans.

Moving bandwidth shaping, access control, and the command communications that direct other components during an intrusion incident into the basic network infrastructure makes sense, and will continue at an increasing pace in 2005.  The last point for 2005 doesn’t involve a specific product or technology, but encapsulates all the changes already discussed.

Posted on 12/15