
A new integrated approach for network security
Goh Chee Hoh

Profile

Goh Chee Hoh is Regional Sales Director, South Asia, Trend Micro. Goh has been with Trend Micro since 1997. Prior to joining Trend Micro, Goh worked as a Systems Specialist with IBM, and has a total of 9 years of IT experience, with over 5 years of specialization in the security business.

Security breaches are more common due to the convergence of technologies and new trends in computing and communications. Border Security is the best way to tackle these threats.

A wave of failures in e-mail security and virus protection has grabbed headlines recently. In the past few months, a new trend has emerged in which security threats are more difficult to prevent and potentially more dangerous.

With such multi-pronged threats to network security on the rise, corporate information managers are recognizing the need for more sophisticated and integrated information protection to provide security from a variety of sources.

A convergence of technological advances and trends in computing and communications is behind the new types of security attacks. Three recent technology changes have increased the likelihood of a security problem:

Development Life Cycles: The relentless drive to ship software before the competition means that software makers can't afford the lengthy testing cycles needed to minimize code flaws. The result can be gaping holes and bugs in the code that may be easily exploited by hackers and vandals.

Powerful Computers: Increasing numbers of individuals worldwide have acquired access to more powerful computing machines. With the computing power needed to run powerful algorithms, hackers and vandals can use these machines to search out and pinpoint a network's most vulnerable spots.

Communications: Corporate networks are providing internal connectivity between employees, suppliers, and customers via the Internet, intranets, and extranets. While technological advances have made this new business environment possible, these advances can often fuel the spread of threats such as viruses as well as raise other security issues. Once hackers discover a security flaw in a particular application, they can pass along this information instantaneously via their mailing list of cohorts. From there, it may be only a matter of days before someone takes advantage of this security flaw, either by creating a malicious program of their own or by inserting malicious code into the gap in the original program.

Similarly, e-mail is now the principal distribution mechanism for viruses, particularly the macro viruses most prevalent today.

Integrated Threats
The convergence of these technological advances is creating a 'virtual community' of hackers, vandals, and e-mail 'bombers.' Once different and isolated groups, these individuals are coming together, enabled by the Internet technology that allows people to effortlessly discover and use information gathered by others.

Today a hacker might work with a virus writer to break into a computer system, access mailing lists and then mail out thousands of virus-infected e-mails. Another new threat comes in the form of malicious code hidden on Web pages, where attacks can be triggered by a user simply visiting a Web page. Java applets and ActiveX controls can contain malicious code capable of, for example, reformatting a hard drive. And now, such code can also exploit the synergism of these two advances: e-mail and the Web. Today an e-mail message can contain Web pages, and simply opening an e-mail message can trigger a virus embedded in the accompanying Web page.

This convergence of e-mail, Web technologies, Java applets and ActiveX controls means that no user action may be required to trigger a virus payload.

A segregated approach to network security is no longer sophisticated enough to provide comprehensive, effective protection against multi-pronged attacks.

Border Security
The most effective solution to network security implements a new, integrated concept known as Border Security. In essence, border security works much like the security enforced at an international airport. In the case of a corporate network, border security checkpoints would be implemented at the Internet gateway.

Following this analogy, airport passengers are subjected to a variety of checkpoints each designed for a specific task. Customs, immigration, agricultural, health and drug officials all perform a variety of inspections with specially developed tools. Immigration and customs officials might check identities against a list of known criminals or scrutinize passengers for telltale signs of suspicious travel patterns, in the same way that authentication and virus detection tools search for both known hackers and viruses, as well as suspicious behavior that might indicate a potential attack.

While immigration officers might focus on the passenger, other security experts x-ray baggage or employ drug-sniffing dogs in much the same way that virus checkers scan e-mail attachments.

Security experts are also aware that passengers can be unwitting carriers of harmful substances, so they employ a variety of methods for detection. While each department is specially trained in a specific area and is most efficient in that specialty, they pool information and work together for the most efficient results.

Let's take the analogy a step further. Airport security must move passengers through checkpoints quickly, to ensure that 'clean' passengers catch their flights. So too must network information security make authentication, virus scanning and other checks quickly and efficiently to prevent the network from slowing productivity.

While airport and IT security experts would both acknowledge that the safest way to perform their jobs would be through complete isolation, they would also agree that rapid exchange of information is vital to both strong countries and corporations.

Airport security has evolved to become increasingly comprehensive to protect against threats such as terrorism or drugs. Similarly, today's computing environment demands more powerful protection against the concerted efforts of a community of 'cyber criminals.' With exponential growth in network connectivity and Internet access, and new security threats being discovered almost weekly, each type of protection must be integrated to provide a comprehensive border security solution.

The Components of Border Security
Key components of the border security platform include:

  • A firewall (for authentication)
  • Directory services (to centralize policies, determine appropriate access points)
  • A router (to direct the flow of information)

Applications plugged into this platform, and operating through them, include:

Content filtering:

  • Virus/Malicious code protection
  • E-mail filtering
  • Web filtering
  • Web bandwidth management
  • Intrusion detection
  • Encryption

Network administrators should seek products that will work together to combine strengths, intelligently identify new complex threats, and move information efficiently through personalized parameters made possible through directory-enabled tools and other new technologies.

 

Copyright 2001: Indian Express Group (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by The Business Publications Division of the Indian Express Group of Newspapers. Site managed by BPD