Under attack: Network security trends
Network refreshes are essential to IT security
No network is infallible. Case in point: In May, Anonymous announced that it had successfully hacked a U.S. Justice Department Web server, one that housed data for the Bureau of Justice Statistics. The loss was significant: 1.7G of data, all of which was available for download on The Pirate Bay. The rogue group was pleased with its score. “Within the booty you may find lots of shiny things such as internal e-mails and the entire database dump,” it posted on its website.
If the Justice Department’s server was vulnerable, it stands to reason that every entity that produces, analyzes and stores public or private data is vulnerable, too. Data is the key, according to Trustwave’s 2012 Global Security Report. Today, customer records are the No. 1 target for attackers, with 89 percent of all investigated breaches being related to data theft. The stolen information includes “payment card data, personally identifiable information and other records, such as e-mail addresses,” according to the report. Another growing target: trade secrets.
Starting fresh, starting safe
Although there is no perfect network, a network refresh does provide the opportunity to increase the level of security in a particular IT environment. That is especially important as other resources, such as cloud-based servers and virtualized servers, become part of the overall landscape.
One of the biggest adjustments that IT managers and employees need to make is changing the way they think about network security, said Jon Oltsik, a senior principal analyst at IT advisory firm Enterprise Strategy Group. “Now you have to think about ingress and egress,” he said. “Typically, we only looked at traffic coming into the network, but now you have to think about both internal and external traffic. We have to inspect the traffic going out, too.”
That requires devices on the network with higher throughput and processing capacity. Next-generation firewalls that are contextually aware and able to triangulate traffic and users to enforce policies are a good addition to the infrastructure, Oltsik said. In addition, full packet capture on the network allows administrators to view what’s going over the network, who the source is and what the destination IP address is. “This gives administrators a much deeper understanding of the network,” he said.
Another change to network security is that the focus on security is moving up the stack, said Jim Frey, managing research director at Enterprise Management Associates. Firewalls that work at the application layer instead of the network layer are taking on more importance. “The better you can lock down and track the movement of data, the better off you are,” he said. That is because threats are coming in more frequently in the upper layer of the stack. The most insidious ones are high in the application layer, he said. Although Web- and application-layer threats aren’t new, protecting the network at that level has taken on greater importance.
Finally, network administrators are looking to secure something that in the past was often outside their responsibilities: wireless devices and the wireless network. Smartphones in particular have vulnerabilities both from a user perspective — users fail to implement even the most basic security protections — and because they are often connected directly to the network via a Wi-Fi connection. Even Apple’s once impenetrable iPhone operating system has fallen victim to a malware attack. In July, a hacker uploaded what is being called the first malicious app to the Apple App Store. Called “Find and Call,” the Trojan app uploaded the user’s contacts to a remote server. And that is why security has to change, analysts say. As Frey explained: “It’s all about the weakest link in the chain.”