Techscope 2003: Network Security
What Network Security will be …

Here's a look at present and future trends in network security, the threats we are likely to see in the next five years and what kind of new tools and technologies will emerge. by Manoj Kunkalienkar

Network Security is not a new discipline; every year we see research, technologies, products, laws, protocol, standards etc emerging. Traditionally, Network Security has been perceived as a hindrance for the adoption of technologies in the enterprise, and this mindset is a complex issue to overcome. To achieve a truly secure environment, many layers of protection are required. As networks have grown exponentially, so have the security threats to the enterprise both internally and externally. Besides the technological challenges, there is also the daunting task of ensuring that all employees understand the threats posed by non-adherence to set guidelines.
Enterprises today, in spite of understanding the implications of security, fail to undertake fundamental exercises like identifying their assets and connections or assessment of basic vulnerability. Besides these issues, many organizations lack an IT security policy and even in the more structured organizations, which have policies, consistent enforcement across the organization often remains an issue.

Security challenges can be categorized into:

• OS weaknesses
• Application vulnerabilities
• Improper configuration
• The lack of training and resources to address the first three problems

These security vulnerabilities have resulted in the loss of business critical data in many organizations impacting their bottom lines. The biggest challenge lies in end-user awareness. Previously, security was treated with indifference by the end-user. However, today's users are better informed and receptive to security threats and needs.

SECURITY SOLUTIONS
Although no technology in the world can eliminate all security concerns, there have been improvements in several key areas. Let us examine a few solutions available for network security.

Firewalls: They are a highly trusted and time-tested solution in the network security arena. At the most rudimentary level, firewalls consist of software that restricts access to internal networks from the public networks/Internet. By setting up a firewall, legitimate traffic such as e-mail is channeled to the mail server, while intrusive programs like search engine spiders or FTP clients cannot access internal networks within the confines of the firewall.

Firewalls are an integral part of any organizational network. Although firewalls can't make your network impregnable, they do serve the function of masking your presence from casual access/hacking. Firewalls also offer some protection to users while venturing from the internal network to the Internet. Firewalls act as proxies while fetching Web pages, so the identity and IP address of machines on the network are not revealed to websites accessed, thus preventing hackers from learning details about the structure of the network.

Virtual Private Network (VPN): VPN allows employees access to company information and servers from external access points. Though this provides tremendous freedom and opportunities to employees to work from external locations, VPN's also poses a significant security threat to the entire corporate network. One of the problems confronted by VPN is intermingling of company data with personal information. Organizations must ensure that the remote users adhere to a well-defined security policy by deploying the right tools to restrict backdoor entry into the company's network. This can be done by appropriately configuring VPN access with patches, updated virus detection tools and personal firewall. Strict security measures need to be installed at the VPN server side and monitoring of all inbound traffic from the VPN gateway is necessary.

Secure Network Compartments: Organizations are increasingly creating and deploying secure network compartments, which are zones of heightened security. These secure virtual zones are then utilized for storage, management, and manipulation of mission critical or confidential information. The secure zone or network compartments are separated from the backbone network through access control devices like a filtering router or a small firewall.

Web Server Security: Intranets and extranets are often constructed using Web servers to deliver information to users in a now-familiar form. Username/password authentication has long been used as a mechanism for restricting access to websites. But because these character strings are themselves passed as clear text, capable of being intercepted and read with simple network management tools, basic passwords do not adequately secure communications. A significant improvement can be achieved by encrypting communications between a browser and a server. The most common way of doing this is to establish a secure connection using a variation on HTTP and the Secure Sockets Layer (SSL). Increasingly, commercial websites are using SSL to guarantee the authenticity of the server and integrity of the data delivered to website users. SSL also protects visitors' responses to the interactive elements of the site. SSL has become fundamental to the spread of Internet commerce and is being used for an increasing range of transactions across the Internet. However, by default most SSL implementations in Web servers do not authenticate the client Web browser.

Digital Certificates: Digital Certificates are now a key part of contemporary Internet business initiatives. When appropriately implemented, certificates can prove to be a secure means of identification that can't be repudiated, much like the signature on a contract. Digital certificates can provide a sophisticated means of controlling and monitoring access. The certificate acts as a token for access control; the user must present it in order to gain access. In many implementations this can be done automatically, in some implementations the certificate is stored on separate devices such as a smart card which has to be presented to the local client to access the server.

Intrusion detection: Intrusion detection gained impetus in 2001, as security experts called attention to the fact that the most successful intruders are the ones who escape casual surveillance. An example of an interesting technology introduced to counter this problem, was the 'honey pot,' a system that appears to be only lightly secured upon initial inspection, but actually cages the intruder in a secure area of the file system and records his every move.

The Future
What does the future hold for network security? What types of threats are we likely to see in the next five years and what kind of new tools and technologies will emerge?

The new emerging tools for security managers and administrators will facilitate deployment of security tools down to a larger set of hosts, workstations, and network devices.

One such emerging technology is biometric security. Although fingerprint recognition leads in this segment, face and voice recognition are not far behind. In addition, single sign-on technology, which allows users to browse through network resources without entering several passwords, is a powerful tool when combined with biometrics.

Together, these technologies allow organization to enforce strong passwords on all systems managing data access as per predefined rules.

On the infrastructure side, more complex DMZ and firewall configurations will become the norm. Layering of controls and analysis systems will become commonplace, as defense mechanisms will have to counter new attacks and threats. Greater attention will be paid to both the physical and application layers in designing these new networks, as attempts are made to isolate middleware and database servers from assault.

With the start of another year, the time has come to address the basic tasks you must undertake while ensuring your organization's security.

These two top-priorities must be a part of your current security mandate:

• Security policy review
• Auditing and testing of your security posture

The coming year is sure to be busy with new threats, tools, and technologies. Your world is changing very rapidly and your security posture has to change along with it. So, at the beginning of the year, take a look around you and ensure that you have covered your tracks.

The writer is Executive Director, ICICI Infotech