There's a plethora of network security suites around, and each one boasts new technologies and capabilities on almost a weekly basis. Just what do they do, and what considerations do you need to take into account when you're deliberating on a purchase or deploying one of these creatures?
Each CrossNodes Briefing is designed to act as a reference on an individual technology, providing a knowledgeable guide to networkers in purchasing and deployment decisions.
Security holes, data thefts, web site hackings, and virus attacks garner headlines almost daily. The FBI released a warning about a potential attack from Chinese hackers on May 1st. Microsoft recently announced a patch to repair a potential entry point to its server software. IT managers must decide whether each report is hype or fact and how best to deal with the next threat. They need to implement a security plan that protects their data and servers without overwhelming the resources of the IT department.
Pulling It All Together
Several vendors now consolidate security software and devices into products called network security suites. Originally, IT managers installed firewalls as the first line of defense. They supplemented this defense by creating a secure logon/password procedure for the server. Some secured transmissions and stored data with encryption. Most installed virus-checking software on the server and the workstations.
Unfortunately, maintaining all the security software and monitoring traffic needed to thwart attempted intrusions overwhelmed many managers. Each new threat seemed to generate a new update for the software or firmware for the security packages and devices. As vendors closed one point of vulnerability, hackers created a new entry method, triggering an endless round of updates. Network security suites can offer some relief.
The quality and comprehensiveness of the available security suites can vary greatly, however. Some vendors bundle components of the suite from separate manufacturers. Others do not provide a consolidated interface to simplify the control of the security products. IT managers must carefully assess each component of the network security suite. In addition, they need to evaluate how well they work together, and whether they will be able to update individual components. Further, they should look at the user interface or interfaces for ease of use.
Firewalls as a Front-Line Defense
Firewalls vary greatly. These devices can be software or hardware, and they help block unauthorized and unwanted access to the network. Some firewalls manage internal and external communications; others focus on external communications. The devices can include encryption, digital certificate management, and user verification. The devices also can check data, identify and block viruses, and block addresses.
Virus software forms an important part of the network security suite. While the firewall can detect some viruses, a secondary check remains necessary. This check is especially useful in stopping viruses that travel through e-mail attachments from trusted sources. Most experts recommend virus protection that looks for virus behaviors as well as known virus signatures. By identifying suspicious behavior, the software can sometimes flag new viruses that have yet to be defined and countered by the developers.
For critical and sensitive data, most IT managers implement some level of encryption. As much as companies may want encryption, it adds another layer to the communications process. Most data being transmitted does not require secure handling, and some IT managers do not invoke encryption every time it is appropriate. IT managers need to evaluate the data they send and store to assess the risk it presents. Some managers will determine that they have no need for complex encryption systems. Others will discover a new vulnerability and move quickly to introduce encryption to their public and private networks.
New Technologies Breed New Challenges
With the advent of mobile computing, networks face a new security threat. IT managers no longer control the boundaries of the network. For this reason, IT managers should ensure that any network security suite supports mobile code checking.
Similarly, Virtual Private Networks (VPN) can represent a unique risk because of the tunneling that VPNs support. Several network security suites and firewalls provide protection for these types of connections.
IT managers should consider the following key factors when evaluating network security suites:
- Graphical user interface: This permits operators to easily monitor and adjust the firewall's parameters. A strong interface also should support the other components of the network security suite.
- Configurable alert levels: The operator should be allowed to customize alert levels, so that the operator can filter out common false alarms and focus on potentially dangerous intrusions.
- Viewable operation status: This feature provides the operator with a real-time display of traffic, and allows the operator to intervene in the case of intrusions.
- Event history: All events involving the firewall and exceptions caught by the virus checking software should be logged. Event histories can be used to enhance security.
- Intrusion source tracing: The firewall software captures the address of any workstation that attempts an unauthorized access. The operator can use this to block traffic from that address.
- E-mail/pager alert: The security software generates an e-mail message or pages the operator if the firewall detects an illegal attempt to access the network.
- Pager alert: The security suite pages the operator whenever an alarm is triggered. Unauthorized intrusion attempts at the firewall generally trigger these types of alerts.
- SNMP support: SNMP agents and support for the SNMP standard can help unify reports and allow the IT manager or operator to access security information from anywhere on the network.
- Remote configuration: Many devices now support remote configurations. This capability provides easier access to the device when an IT manager needs to change a parameter or a policy.
- Downloadable updates: Firewalls and virus software undergo constant revisions as vendors react to new threats. These updates should be readily available and easy to apply.
- Consolidated reporting: With multiple components, the IT manager or the operator faces the potential of receiving constant alerts. A consolidated report and customized filtering can help limit those alerts to the most important conditions.
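The event history, configurable alert level, intrusion source tracing and consolidated reporting items in the list above are easier to judge when you see how they combine in practice. The following is an added example written for this briefing, not code from any vendor's suite: it parses a constructed firewall and virus-scanner event log, filters it by a configurable severity floor, counts denied connections per source address, and flags sources that exceed a threshold as candidates for blocking. The log format, severity names and thresholds are assumptions made for the example.

```python
"""Added example (not part of the original briefing): a small event-history
analyser showing how a configurable alert level, intrusion source tracing and
a consolidated report fit together. Log format and thresholds are assumptions."""
from collections import Counter
from dataclasses import dataclass

# Constructed sample event history in a simplified, made-up log format.
# Fields: timestamp, component, severity, source address, message.
SAMPLE_LOG = """\
2001-05-01T08:00:01 firewall INFO 10.0.0.12 allowed tcp/80
2001-05-01T08:00:05 firewall WARN 203.0.113.7 denied tcp/23
2001-05-01T08:00:06 firewall WARN 203.0.113.7 denied tcp/21
2001-05-01T08:00:07 firewall WARN 203.0.113.7 denied tcp/139
2001-05-01T08:00:09 firewall WARN 203.0.113.7 denied tcp/445
2001-05-01T08:01:10 firewall WARN 198.51.100.4 denied tcp/23
2001-05-01T08:02:30 antivirus CRIT 10.0.0.30 blocked attachment test-signature
2001-05-01T08:03:00 firewall INFO 10.0.0.15 allowed tcp/443
"""


@dataclass(frozen=True)
class Event:
    ts: str
    component: str
    severity: str
    source: str
    message: str


def parse_log(text):
    """Parse the constructed log format into Event records.

    Malformed or truncated lines are skipped rather than crashing the
    report, since a real event history will contain some of them.
    """
    events = []
    for line in text.splitlines():
        parts = line.split(maxsplit=4)
        if len(parts) != 5:
            continue
        events.append(Event(*parts))
    return events


# Ordering used by the configurable alert level (assumed severity names).
SEVERITY_RANK = {"INFO": 0, "WARN": 1, "CRIT": 2}


def consolidated_report(events, min_severity="WARN", denied_threshold=3):
    """Build the consolidated view an operator would act on.

    min_severity     - configurable alert level; events below it are filtered
                       out so routine allowed traffic does not page anyone.
    denied_threshold - number of denials from one source before that source is
                       listed as a block candidate (intrusion source tracing).
    """
    floor = SEVERITY_RANK[min_severity]
    kept = [e for e in events if SEVERITY_RANK.get(e.severity, 0) >= floor]

    # Source tracing: how many denied connections each address generated.
    denied_by_source = Counter(
        e.source for e in kept
        if e.component == "firewall" and e.message.startswith("denied")
    )
    block_candidates = sorted(
        src for src, n in denied_by_source.items() if n >= denied_threshold
    )
    per_component = Counter(e.component for e in kept)

    return {
        "alerts": len(kept),
        "per_component": dict(per_component),
        "denied_by_source": dict(denied_by_source),
        "block_candidates": block_candidates,
    }


if __name__ == "__main__":
    report = consolidated_report(parse_log(SAMPLE_LOG))
    for key, value in report.items():
        print(f"{key}: {value}")
```

Raising the alert level to "CRIT" drops the firewall denials from the report and leaves only the virus scanner event, while lowering the threshold to one denial flags both external addresses; that is exactly the kind of tuning the "configurable alert levels" item describes, and a suite that lets you do it per component is worth more than one that only offers a single global setting.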
Taking the Time to Get It Right
IT managers know that good security requires time. Reacting to breaks in security does not ensure the safety of the network or the data. Instead, IT managers must carefully assess the real risk and place a value on avoiding that risk. E-commerce companies will find that the risk of losing customer data carries a large price tag. Other companies may decide that the cost of losing data or having their network compromised does not warrant a full commitment to security. Once a value is set, selecting the appropriate level of network security suite becomes easier.
Gerald Williams serves as Director of Quality Assurance for Dolphin Inc., a software development company. Williams has extensive background in technology and testing, previously serving as Editorial Director with National Software Testing Labs (NSTL), Executive Editor with Datapro Research, and Managing Editor of Datapro's PC Communications reference service.