4 must-have security solutions
- By Rutrell Yasin
- Sep 22, 2004
No silver bullets or holy grails can ensure that your corporate network is totally secure from cyberattacks. To mitigate risks, however, most information security professionals agree that a multilayered approach to security is needed. This approach might include technologies such as firewalls, intrusion detection, authentication and access control hardware and software, and antivirus protection on desktop computers and at gateways into the network.
But as the number of threats rises and software vulnerabilities continue to be exposed, information security managers need new technologies and procedures to lock down their networks. Simultaneously, they must keep networks open to people outside the organization such as business partners, citizens, contractors and suppliers. No doubt, many administrators have deployed the technologies mentioned above, but here are four others they should consider.
1. Vulnerability management
Vulnerability management should be at the top of government information technology managers' security priority lists. With legislation and mandates from the Office of Management and Budget that require administrators to secure and accredit systems, determining what assets are at risk from cyberattacks and intrusions should be a high priority.
Vulnerability management hardware and software identify systems and applications that have security holes that attackers can exploit. Leading players in this arena include Qualys Inc. and Foundstone Inc., which McAfee Inc. is in the process of acquiring.
"There is no question that the active implementation [of vulnerability assessment tools] will radically reduce the cost" of certification and accreditation, said Alan Paller, research director at the SANS Institute, a security training and education organization.
Foundstone's flagship product, Foundstone Enterprise, is a network appliance that can continuously monitor and map an organization's global network. It then probes every host system on the network for vulnerabilities. Critical assets are identified and marked for remediation work if necessary. Measurement reports are generated so managers can get a clear picture of the organization's security status.
Qualys officials released a version of the company's scanner appliance, which is bundled with its on-demand vulnerability management service. This version lets users map network topology and run automated vulnerability audits from any Web browser.
These types of vulnerability assessment products and services are essential for government agencies that need to continuously monitor networks for vulnerabilities, said John Pescatore, vice president of Internet security research at Gartner Inc.
2. Automated patch management
You cannot get rid of vulnerabilities if you don't have an automated patch management system, Paller said. There are vulnerabilities in commercial software, such as Microsoft Corp.'s Windows operating system. Attackers can exploit those vulnerabilities, which are being discovered daily, using computer worms or malicious code. And network administrators are racing the clock. Attackers are much quicker at taking advantage of those vulnerabilities. The malicious code, which once took months to make the rounds, now can appear in days, said Chris Farrow, senior manager for regulatory and security research and development at Configuresoft Inc., a maker of configuration management software that includes a patch management software module.
The patch management software builds on the capabilities of Configuresoft's Enterprise Configuration Manager (ECM) suite. ECM gathers configuration information from each Microsoft-based workstation and server on the network and displays a centralized view of the data. Users can view the data from a Web portal or through prepackaged reports.
Because patch management is linked to ECM, IT administrators have information about their systems — such as the registry, disk space, device drivers or whether a file to be updated is sitting in the right path — that would be useful for a successful installation of security patches, Farrow said. "Patch management is critical, but it is far from being a silver bullet," he said. "Sixty-five percent of the vulnerabilities could be corrected by better configuration management."
Some industry experts view patch management as a software distribution issue. If an agency doesn't have a good infrastructure for distributing software, then a stand-alone automated patch management product might be more appropriate. Vendors include Big Fix Inc., PatchLink Corp. and St. Bernard Software Inc.
3. Enterprise firewalls and intrusion prevention
Hackers are launching more sophisticated attacks on Web protocols and applications that network-based enterprise firewalls are unable to detect.
"Attacks are moving up to the application layer," and as a result, firewalls that mainly protect the transport layer of the network are less effective, said John Diaz, an analyst with the Computer Incident Advisory Capability, which provides the Energy Department and National Nuclear Security Administration with incident response, reporting and tracking.
New technologies complicate matters. "With the advent of Web services, about 70 percent of attack paths closed with firewalls will be reopened," Diaz said.
To keep these paths closed to attacks, organizations need enterprise firewalls that perform deep-packet inspection, a technique of closely examining the packets of information traversing networks for application-level attacks.
Network-based firewall vendors, including Check Point Software Technologies Ltd., have added more application-level security to detect and block worms and malicious code before they can wreak havoc on a network, said Bill Jensen, Check Point's government marketing manager. The company's Application Intelligence function can "understand not only attacks but how protocols are supposed to [actually] work" to more effectively detect bad network traffic that is disguised to look legitimate.
Companies such as TippingPoint Technologies Inc. and Juniper Networks Inc. that supply intrusion-prevention products are also offering network appliances that provide deep-packet inspection engines to block worms and malicious code.
4. Token-based identity management
Identity management software is essential for managing user accounts and privileges to ensure that the right people have access to the applications they are authorized to use and that their accounts are closed when they leave an organization or move to different jobs in an agency.
Although demand is growing for identity management software suites that include functions for managing accounts and privileges, access control and user provisioning, IT managers should also consider token-based access control, industry observers say.
Paller said secure tokens that can quickly be plugged into a USB port on a laptop or desktop computer can protect against unauthorized access, especially by employees.
USB tokens are designed to store a person's digital identity. When someone is ready to log in to applications via a PC, virtual private network, wireless network or Web portal, he or she is prompted to enter a unique personal identification number. If the number matches the USB token, access is granted. The numbers stored on the tokens are usually encrypted for additional security.
Leading players in the authentication and access control arena such as Entrust and RSA Security Inc. offer USB tokens. Other companies that provide such technologies include ActivCard Inc., Aladdin Knowledge Systems and Authenex Inc.
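As an added illustration, not code from the article or from any vendor named here, the PIN-unlock flow described above modelled in Python: the token stores only a PIN verifier plus the identity encrypted under a PIN-derived key, releases the identity only on the right PIN, and locks itself after repeated wrong entries so a short numeric PIN cannot simply be guessed. The class, the lockout threshold and the XOR keystream (a stand-in for a real token's cipher) are all assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

MAX_TRIES = 3            # assumed lockout threshold; real tokens use similar limits
KDF_ITERATIONS = 50_000  # PBKDF2 work factor, slows offline guessing of the PIN


def _keystream(key: bytes, length: int) -> bytes:
    # Toy keystream from HMAC-SHA256 over a counter; stands in for the
    # token's real encryption for illustration only.
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


class UsbToken:
    """Constructed model of a PIN-protected USB identity token."""

    def __init__(self, pin: str, identity: bytes):
        self.salt = os.urandom(16)
        key = hashlib.pbkdf2_hmac("sha256", pin.encode(), self.salt, KDF_ITERATIONS)
        # Only a verifier derived from the PIN is stored, never the PIN itself.
        self._verifier = hashlib.sha256(b"verify" + key).digest()
        # The digital identity is kept encrypted under the PIN-derived key.
        self._blob = bytes(a ^ b for a, b in zip(identity, _keystream(key, len(identity))))
        self.failed = 0
        self.locked = False

    def unlock(self, pin: str) -> Optional[bytes]:
        """Return the stored identity on a correct PIN, None otherwise."""
        if self.locked:
            return None
        key = hashlib.pbkdf2_hmac("sha256", pin.encode(), self.salt, KDF_ITERATIONS)
        candidate = hashlib.sha256(b"verify" + key).digest()
        # Constant-time compare so timing does not reveal how close a guess was.
        if not hmac.compare_digest(candidate, self._verifier):
            self.failed += 1
            if self.failed >= MAX_TRIES:
                self.locked = True  # token stays locked until reset by an administrator
            return None
        self.failed = 0
        return bytes(a ^ b for a, b in zip(self._blob, _keystream(key, len(self._blob))))
```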
Using these layered technologies — vulnerability assessment, scanning and blocking, and intrusion prevention — agency officials can capture about 90 percent of the security holes in their networks, Pescatore said.
Now, as far as addressing vulnerabilities caused inadvertently by uneducated users or IT administrators, that's another story.