> Cover Story> Full Story
new integrated approach for network security
Goh Chee Hoh
Chee Hoh is Regional Sales Director, South Asia,
Trend Micro. Goh has been with Trend Micro since 1997.
Prior to joining Trend Micro, Goh worked as a Systems
Specialist with IBM, and has a total of 9 years of IT
experience, with over 5 years of specialization in the
breaches are more common due to the convergence of technologies
and new trends in computing and communications. Border Security
is the best way to tackle these threats
wave of failures in e-mail security and virus protection has
grabbed headlines recently. In the past few months, a new
trend has emerged in which security threats are more difficult
to prevent and potentially more dangerous.
With such multi-pronged threats to network security on the
rise, corporate information managers are recognizing the need
for more sophisticated and integrated information protection
to provide security from a variety of sources.
A convergence of technological advances and trends in computing
and communications is behind the new types of security attacks.
Three recent technology changes have increased the likelihood
of a security problem:
Development Life Cycles: The relentless drive to ship software
before the competition means that software makers can't afford
the lengthy testing cycles needed to minimize code flaws.
The result can be gaping holes and bugs in the code that may
be easily exploited by hackers and vandals.
Powerful Computers: Increasing numbers of individuals worldwide
have acquired access to more powerful computing machines.
With the computing power needed to run powerful algorithms,
hackers and vandals can use these machines to search out and
pinpoint a network's most vulnerable spots.
Communications: Corporate networks are providing internal
connectivity between employees, suppliers, and customers via
the Internet, intranets, and extranets. While technological
advances have made this new business environment possible,
these advances can often fuel the spread of threats such as
viruses as well as raise other security issues. Once hackers
discover a security flaw in a particular application, they
can pass along this information instantaneously via their
mailing list of cohorts. From there, it may be only a matter
of days before someone takes advantage of this security flaw,
either by creating a malicious program of their own or by
inserting malicious code into the gap in the original program.
Similarly, e-mail is now the principal distribution mechanism
for viruses, particularly the macro viruses most prevalent
The convergence of these technological advances is creating
a 'virtual community' of hackers, vandals, and e-mail 'bombers.'
Once different and isolated groups, these individuals are
coming together, enabled by the Internet technology that allows
people to effortlessly discover and use information gathered
Today a hacker might work with a virus writer to break into
a computer system, access mailing lists and then mail out
thousands of virus-infected e-mails. Another new threat comes
in the form of malicious code hidden on Web pages, where attacks
can be triggered by a user simply visiting a Web page. Java
applets and ActiveX controls can contain malicious code capable
of, for example, reformatting a hard drive. And now, such
code can also exploit the synergism of these two advances
e-mail and the Web. Today an e-mail message can contain Web
pages, and simply opening an e-mail message can trigger a
virus embedded in the accompanying Web page.
This convergence of e-mail, Web technologies, Java applets
and ActiveX controls means that no user action may be required
to trigger a virus payload.
A segregated approach to network security is no longer sophisticated
enough to provide comprehensive, effective protection against
The most effective solution to network security implements
a new, integrated concept known as Border Security. In essence,
border security works much like the security enforced at an
International airport. In the case of a corporate network,
border security checkpoints would be implemented at the Internet
Following this analogy, airport passengers are subjected to
a variety of checkpoints each designed for a specific task.
Customs, immigration, agricultural, health and drug officials
all perform a variety of inspections with specially developed
tools. Immigration and customs officials might check identities
against a list of known criminals or scrutinize passengers
for telltale signs of suspicious travel patterns, in the same
way that authentication and virus detection tools search for
both known hackers and viruses, as well as suspicious behavior
that might indicate a potential attack.
While immigration officers might focus on the passenger, other
security experts x-ray baggage or employ drug-sniffing dogs
in much the same way that virus checkers scan e-mail attachments.
Security experts are also aware that passengers can be unwitting
carriers of harmful substances, so they employ a variety of
methods for detection. While each department is specially
trained in a specific area and is most efficient in that specialty,
they pool information and work together for the most efficient
Let's take the analogy a step further. Airport security must
move passengers through checkpoints quickly, to ensure that
'clean' passengers catch their flights. So too must network
information security make authentication, virus scanning and
other checks quickly and efficiently to prevent the network
from slowing productivity.
While both airport and IT security experts would both acknowledge
that the safest way to perform their jobs would be through
complete isolation, both would agree that rapid exchange of
information is vital to both strong countries and corporations.
Airport security has evolved to become increasingly more comprehensive
to protect against threats such as terrorism or drugs. Similarly,
today's computing environment demands more powerful protection
against the concerted efforts of a community of 'cyber criminals.'
With exponential growth in network connectivity and Internet
access, and new security threats being discovered almost weekly,
each type of protection must be integrated to provide a comprehensive
border security solution.
Components of Border Security
Key components of the border security platform include:
A firewall (for authentication)
Directory services (to centralize policies, determine appropriate
A router (to direct the flow of information)
Applications plugged into this platform, and operating through
Virus/Malicious code protection
Web bandwidth management
Network administrators should seek products that will work
together to combine strengths, intelligently identify new
complex threats, and to move information efficiently through
personalized parameters made possible through directory-enabled
tools and other new technologies.