Let's Get Connected!

Towards Building Safer Networks
Technology
Written by Charu Bahri   
Thursday, 01 March 2007 00:00

Computer networks form an essential component of communication today. But as the flow of information through wired and wireless devices assumes paramount importance, the need to safeguard these networks is gaining more focus.
Ancient security systems to protect a castle from intruders consisted of a moat, a high wall and gates, which formed a three-layered security guard, further supplemented by armed guards. Fast forward to our modern world, and you will find that as we increasingly rely on computers and gadgets connected via wires, wireless APs and the Internet to exchange vital information, we are still taking cues from ancient security systems to protect our vital networks!

Network security, however, is an evolving process that reflects changing security best practices. It is not a one-time product, or even an integrated implementation of different security tools. Security practices depend on research and development, as research outcomes add value to existing security products. For instance, today wireless networks may rely on access points or be configured to offer ad hoc or machine-to-machine networking. Those based on wireless access points are considered reasonably secure thanks to MAC address filtering (which restricts unauthorised systems from connecting to the network), some encryption, strong passwords, and regular updates of the underlying firmware; ad hoc networks are not as safe.

IDS applied to mobile ad hoc networks

Most organisations today use firewalls to authorise network access, and intrusion detection and prevention (IDP) systems, preferably configurable for each network user, to scan incoming content, check for anomalies in incoming communication, encrypt internal communication where necessary to safeguard organisational secrets, and track network usage for future audits and analysis. According to Digvijaysinh Chudasama, VP Sales, Cyberoam, at Elitecore Technologies, an ideal IDP solution attaches IDP policy to a combination of a threat’s source (origin), destination, identity and service schedule.
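To make the four-way policy binding concrete, here is an added example (not from the article or any vendor product) of an IDP rule lookup keyed on source network, destination network, authenticated identity and a service-schedule window; the address ranges, users and rules are constructed sample values.

```python
"""Added example: IDP policy keyed on source, destination, identity and schedule."""
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class IdpRule:
    name: str
    source: str            # CIDR the traffic originates from (threat origin)
    destination: str       # CIDR the traffic is headed to
    identity: str          # authenticated user or group, "*" for any
    start: time            # service schedule window start (inclusive)
    end: time              # service schedule window end (exclusive)
    action: str            # "alert", "block" or "allow"


# Constructed sample policy: hypothetical address ranges and user groups.
POLICY = [
    IdpRule("guest-wifi-to-servers", "10.20.0.0/16", "10.1.0.0/24", "*",
            time(0, 0), time.max, "block"),
    IdpRule("finance-after-hours", "10.10.0.0/24", "10.1.0.0/24", "finance",
            time(20, 0), time.max, "alert"),
    IdpRule("finance-office-hours", "10.10.0.0/24", "10.1.0.0/24", "finance",
            time(8, 0), time(20, 0), "allow"),
]


def in_window(rule: IdpRule, when: datetime) -> bool:
    """True when the event time falls inside the rule's service schedule."""
    return rule.start <= when.time() < rule.end


def decide(src: str, dst: str, user: str, when: datetime, policy=POLICY) -> str:
    """Return the action of the first rule matching all four keys.

    Traffic that matches no rule is alerted on rather than silently allowed,
    so an unexpected origin/destination pair never slips through unnoticed.
    """
    s, d = ip_address(src), ip_address(dst)
    for rule in policy:
        if (s in ip_network(rule.source) and d in ip_network(rule.destination)
                and rule.identity in ("*", user) and in_window(rule, when)):
            return rule.action
    return "alert"
```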

But many IDP solutions currently deployed ignore the origin and destination of a threat. Further, when it comes to the dynamic topology of a mobile ad hoc network (MANET), it is not so easy to implement intrusion detection systems (IDS), since genuinely malicious behaviour is hard to distinguish from the benign faults (false alarms) that such networks routinely suffer. The security division of the Computer Security Resource Centre at the National Institute of Standards and Technology, an agency of the US Commerce Department’s Technology Administration, is working with the University of Maryland, Baltimore County (UMBC), to simulate, implement, and test various MANET IDS.

Apparently, observing traffic and malicious nodes entering and leaving the immediate radio transmission range on such networks presents a great challenge. Such malicious nodes find it easy to avoid detection, and even join other malicious nodes to disrupt network activity. Further, a malicious node may not remain malicious on a permanent basis, but switch its state from malicious to non-malicious, making it difficult to identify. As described above, an IDS typically collects audit data, but MANETs do not have the switches, routers and gateways that facilitate data collection for the entire network. An ad hoc node or sensor is only able to monitor network traffic within its observable radio transmission range.

This team is thus particularly looking at implementing intrusion detection for ad hoc networks on small handheld devices. Their proof-of-concept prototype secure routing protocol is based on AODV over IPv6, further reinforced by a routing protocol-independent IDS for ad hoc networks. The security features in the routing protocol include mechanisms for non-repudiation and authentication, without relying on the availability of a Certificate Authority (CA) or a Key Distribution Centre (KDC).

Global surveillance -- the new face of intrusion management

The Zurich Information Security Centre, a co-operative venture between the ETHZ research centre (Swiss Federal Institute of Technology, Zurich) and an industry consortium, is conducting research on an Integrated Framework for Intrusion Management.

The research is based on certain limitations of current intrusion management systems. For instance, these are limited to a single corporate network instead of surveying the entire Internet. A global approach would collate information from different networks and would thus be better suited to detect and defend networks from malicious attacks.

The research also builds on the fact that most intrusion management systems collect a lot of noise, or useless data generated by legitimate network users, and hence the process of identifying odd activity is weakened. A system scanning data collected by a honeypot – a network decoy – would be more efficient, and better informed to identify the true risk of attacks, as honeypots typically collect only suspicious data.

The team has also identified the need to integrate these systems in the business process, so that individual processes receive the protection they require, and this measurable protection can change as business needs evolve. This aspect also takes into account the need to minimise the cost of network security.

The rise of internal threats

According to Chudasama, in 2007, enterprises need to especially protect against internal threats – such as the introduction of viruses, worms, or Trojan horses; the theft of information or corporate secrets; the theft of money; the corruption or deletion of data; the altering of data to cause inconvenience or falsify criminal evidence; and the theft of the identities of specific individuals in the enterprise.

Internal threats arise due to user ignorance, and irresponsible and harmful online behaviour, such as P2P file transfers, surfing unsafe sites, leaving e-mail IDs for updates on suspicious sites, etc. These acts result in higher levels of spam, increase the entry of spyware, phishing and pharming into the network in addition to traditional viruses, worms, Trojans, and cause other problems. Internal threats are also posed by disgruntled employees or ex-employees seeking revenge for perceived injustices. Since this group of persons is often aware of the shortcomings of an enterprise’s security implementation as well as the location of key IT and other resources and practices, they need to be carefully safeguarded against.

The bottom line is that the user has proven to be the weakest link in the security chain today. Hence, linking user identity to security is the best way to ensure a high level of security while supporting business flexibility. User recognition and dynamic security based on the user’s business profile and requirements ensures the best of both worlds – high security that does not restrict business flexibility.

A blanket security cover

Unified Threat Management (UTM) is the outcome of an increase in the number of layers that are needed for a network’s security. An evolution of the hardware that makes up a firewall – technically called a firewall appliance – it combines an entire suite of threat management features in a single product, instead of having to resort to several point solutions.

Chudasama believes a true UTM solution must have all these features on a single platform – firewall, VPN, anti-virus, anti-spam, IDP, content filtering, bandwidth management and multiple link load balancing, and gateway failover. He points out that a UTM should be flexible and have the granularity that enables it to deal with protection against Zero-Day threats, and work with emerging technologies like VoIP and dynamic scenarios like DHCP and Wi-Fi.

UTMs are fast becoming popular as a means to provide a ‘24x7x365’ blanket security cover to a network. By the end of 2007, it is estimated that 80 per cent of all security solutions will be delivered via a dedicated appliance. The reason for the wide-scale deployment of UTMs is their convenience. A box-like appliance, its installation resembles a plug-and-play device that cannot be fiddled with by a remotely situated end user. Once plugged in, its configuration may be done remotely.

Remote management

As the costs of security tools and skilled manpower increase, security is rapidly becoming a separate subject within IT. Enterprises are looking for compact centralised solutions that do not require the posting of security professionals in every branch. Troubleshooting a UTM is relatively easy. A failed box only needs to be replaced – something that even a non-techie may easily do.

In fact, UTMs have put a lot of focus on the use of box solutions for remote offices. Ajit Pillai, regional director of India and SAARC, WatchGuard Technologies, confirms an increasing trend towards the remote management of network resources, especially since network security is a dynamic state rather than a fixed one. Continuous updates and upgrades are needed, and these are required to be bundled with other services. The product sans service is quite meaningless to enforce security.

As Chudasama also explains, remote management is required to manage multiple security appliance installations at dispersed locations. Remote management enables centralised control for common security policy enforcements across offices. This also allows the central management of features, upgrades, patches and user management.

Even though manpower costs are lower in India than the West, remote management is nevertheless becoming very popular because of a scarcity of qualified manpower. The large numbers of small- and medium-sized IT businesses mushrooming across the country – especially in rural areas – are unlikely to be able to afford security specialists. However, deploying UTMs after availing consultancy on the subject from specialised firms, is a viable option. Many companies (other than those belonging to the IT and ITeS sector) are outsourcing security to specialised firms.

Creating intelligent networks

Network admission control (NAC) is yet another existing solution that is taking security to a new level, creating intelligent networks that automatically identify, prevent and adapt to security threats. An industry initiative sponsored by Cisco Systems, NAC is part of the Cisco Self-Defending Network, and works on the principle that forcing compliance after a user has logged into the network is futile, insofar as potential damage from viruses, etc., is concerned, as these would automatically make an entry into the network with the authentication of a compromised user.

NAC thus shifts the compliance check to initial network access. It helps identify non-compliant devices and places these in a quarantined area with instructions to comply with the security policy, gives them restricted access to computing resources, or else permanently bans them from the network.
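The admission flow just described, as an added example that is not the article's or Cisco's code: a pre-admission posture check that sends each device to full access, to a restricted quarantine network with remediation instructions, or to a permanent ban once remediation attempts are exhausted. The baseline values, VLAN names and attempt limit are constructed assumptions.

```python
"""Added example: NAC-style admission decision made before network access."""
from dataclasses import dataclass, field

# Constructed baseline a device must meet before it reaches the network.
REQUIRED_AV_VERSION = 42          # hypothetical current AV signature set
REQUIRED_PATCH_LEVEL = 7          # hypothetical latest approved patch level
MAX_QUARANTINE_ATTEMPTS = 3       # quarantine visits allowed before a ban


@dataclass
class Device:
    mac: str
    authenticated: bool           # user credential accepted at the edge
    av_version: int
    patch_level: int
    failed_checks: int = 0        # posture failures recorded so far


@dataclass
class Decision:
    state: str                    # "admit", "quarantine", "ban" or "deny"
    vlan: str
    remediation: list = field(default_factory=list)


def posture_failures(dev: Device) -> list:
    """List the steps a device must take to comply with the security policy."""
    steps = []
    if dev.av_version < REQUIRED_AV_VERSION:
        steps.append(f"update anti-virus signatures to version {REQUIRED_AV_VERSION}")
    if dev.patch_level < REQUIRED_PATCH_LEVEL:
        steps.append(f"apply patches up to level {REQUIRED_PATCH_LEVEL}")
    return steps


def admit(dev: Device) -> Decision:
    """Decide access before the device is on the network, so an authenticated
    but compromised user cannot carry malware straight onto the corp VLAN."""
    if not dev.authenticated:
        return Decision("deny", "none", ["authentication failed"])
    steps = posture_failures(dev)
    if not steps:
        return Decision("admit", "corp")
    dev.failed_checks += 1
    if dev.failed_checks > MAX_QUARANTINE_ATTEMPTS:
        return Decision("ban", "none", ["exceeded remediation attempts"])
    # Quarantine VLAN reaches only update/patch servers, not the corp network.
    return Decision("quarantine", "remediation", steps)
```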

NAC is assuming special importance in our current business space, since networks are increasingly going wireless and getting more complex, and the number of network-based services that may be compromised increases. Laptops, PDAs and other such mobile computing devices belonging to corporate visitors or vendors are often brought into wireless networked areas. Besides, many staff members carry such devices for presentations – this back and forth movement between a corporate network and a public network raises the risk of spyware and other attacks.

The security division of the Computer Security Resource Centre at the National Institute of Standards and Technology (NIST), an agency of the US Commerce Department’s Technology Administration, is working on devising a means to secure communication and service discovery for hybrid MANETs. Its research recognises the fact that existing service discovery protocols and delivery mechanisms fall short in ad hoc environments. The hybrid networks they propose comprise low-mobility sensor networks teamed up with high-mobility wireless devices (such as PDAs and laptops) through mobile gateways. Each device would be enabled to advertise and discover services within its own hybrid network and across the Internet by querying partner networks, through mobile Internet gateways.

This system ensures secure communication by using authentication and encryption, based on a PKI approach. It uses NIST’s AODV with new support for multicasting as the routing protocol for the mobile nodes; OpenSLP as the base layer for the Service Advertising and Discovery modules; and OpenSSL for cryptographic services.

Going from enterprise to global level

As organisations grow, hybrid networks are likely to become the order of the day. In such a scenario, it is not practically possible to check every system; so current security systems must be more intelligent, ask relevant questions and force the compliance of a range of wired and wireless devices.

In Pillai’s words, as the threat areas to watch out for become more blended, spanning SMTP (e-mail), HTTP (browsing), FTP (file transfer), instant messaging and VoIP, every precaution must be taken to safeguard a network.

Network security threats today are patent as well as latent. Intruders are no longer easily detected on an enterprise’s security radar. Hopefully, the technologies generated by ongoing research will help share individual radars across many networks, thus increasing overall sensitivity of our networks to intrusions and preventing security breaches.

For more details:
http://sectools.org/
http://www.networkworld.com/columnists/2007/011707miliefsky.html?page=1
http://www.voicendata.com/content/goldbook/goldbook06/106030606.asp
http://www.networkworld.com/columnists/2007/011707miliefsky.html?page=6encryption
http://www.zisc.ethz.ch/research/intrusionmanagement
http://csrc.nist.gov/manet/index.html#hybrid
