Security 101: The Defense of the Enterprise


By Lloyd Tanaka

1:57 PM EST Mon. Nov. 12, 2001
From the November 12, 2001 issue of VARBusiness
Humans or the Internet--Who is the Weakest Link to E-Business?
In the previous class, we learned that a secured computer system is one where data remains confidential, retains a high level of integrity and is protected from corruption. When networks were closed and private, with a small, identifiable user base, threats were rare and, by definition, the systems were secure. But as the model evolved to one that provided open public access, with an anonymous global user base, it became a system vulnerable to compromise and attack.

During the past several years, Internet mania spurred the diversion of trillions of technology investment dollars to support the growth of a global electronic dot-com bazaar. But, in the rush to capitalize, many e-business architects underestimated the importance of security, or overestimated the complexity of incorporating it in their systems. The result was that many Internet-based businesses were attacked. It did not take long for the confidence levels of consumers, partners, suppliers, and customers to fall, as they grew skeptical about e-business' ability to protect confidential customer information, and to sustain uninterrupted operations. The euphoria of everything labeled Internet was replaced by doubts. Today, e-business continues to ramp up, but the successful operations will be those that quickly align traditional IT security practices with business unit demands, thus providing a safe and trusted way to conduct business over the Internet. Building a strong defense is a must for every organization using Internet technology.

Malicious Code Attacks
Attackers launch their Internet missiles at targets they perceive as not properly protected because of weak Internet practices such as unprotected e-mail systems, sharing of files, using online resources and conducting real-time transactions. Missiles include malicious code programs such as viruses, worms, Trojans, and logic bombs. Recent examples such as NIMDA, Code Red, ILOVEYOU, Anna Kournikova, SirCam and Naked Wife have cost businesses billions of dollars through disruption of business, loss of worker productivity, and associated costs of remediation. Malicious code attacks can use social engineering to get someone to open (execute) a mail attachment, as was done with the ILOVEYOU virus. ILOVEYOU appeared in the subject line of the e-mails, prompting recipients to read them and hastening the spread of the virus globally in a matter of hours. Also, demonstrating the virulence of this virus, multiple variants appeared so rapidly that by the time antivirus products were updated, a new strain had been launched, starting the cycle all over again. Antivirus programs help defend against such destruction by offering automatically updated signatures that detect viruses and cure the penetrated system. They are also able to help track the source of virus infections.

Defense Requires More Than Antivirus
In addition to antivirus programs, network perimeter security systems known as firewalls are also used to combat attacks. A firewall is a system or a group of systems that filters data coming into and leaving the network. It can secure a network through a number of criteria, including designated applications, network services, and source or target addresses. Obviously, one of the key systems that can be identified is Web access. But network firewalls alone cannot protect against the high number of attacks perpetrated from within.

Because networks have grown in size and complexity, lower-level server and desktop attacks are sometimes harder to detect. Intrusion detection systems (IDS) provide host and network protection by automatically detecting patterns in network traffic that indicate potential intrusions, attacks or abuses. An example of what can be detected is the distributed denial of service (DDoS) attack, which occurred earlier this year against eBay and CNN, among others. This exploit employs automated tools to use an organization's host machines as "time bombs," placing instructions on them to launch an attack on specified target computers at a pre-arranged time. The end result is to flood targeted Web sites with more hits than can be handled by the Web servers, thus resulting in a disruption or denial of service. An IDS, once it detects the inordinate traffic, would then take an appropriate predefined action as prescribed by security policy.
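The detection-and-response step described above, sketched as an added example that is not from the original article: a sliding-window detector that tells a single noisy source apart from a distributed flood (many sources, each individually unremarkable) and looks up the predefined action. The thresholds, policy action names and traffic are constructed assumptions.

```python
from collections import Counter, deque

# Hypothetical policy table: alert type -> predefined action (names are illustrative).
POLICY = {
    "single_source_flood": "block_source",
    "distributed_flood": "rate_limit_and_page_oncall",
}

def detect(events, window=10, per_source_max=20, total_max=100):
    """events: (timestamp_seconds, source_ip) tuples sorted by time.
    Returns (timestamp, alert_type, action) once per alert onset."""
    recent = deque()        # events currently inside the sliding window
    per_source = Counter()  # request count per source inside the window
    active = set()          # alert types already firing (suppresses repeats)
    alerts = []
    for ts, src in events:
        recent.append((ts, src))
        per_source[src] += 1
        # Expire events that have fallen out of the window.
        while recent[0][0] <= ts - window:
            _, old = recent.popleft()
            per_source[old] -= 1
            if per_source[old] == 0:
                del per_source[old]
        firing = set()
        if per_source[src] > per_source_max:
            firing.add("single_source_flood")
        # Aggregate volume is high although no single source stands out.
        if len(recent) > total_max and max(per_source.values()) <= per_source_max:
            firing.add("distributed_flood")
        for kind in sorted(firing - active):
            alerts.append((ts, kind, POLICY[kind]))
        active = firing
    return alerts

def constructed_traffic():
    """Constructed sample: 30 s of normal load, then 60 hosts sending 3 requests each."""
    normal = [(t, f"10.0.0.{t % 5}") for t in range(30)]               # 1 request/s
    flood = [(30 + (i % 2), f"192.0.2.{i % 60}") for i in range(180)]  # 180 requests in 2 s
    return sorted(normal + flood)

if __name__ == "__main__":
    for alert in detect(constructed_traffic()):
        print(alert)
```

A per-source limit alone never fires on the constructed flood, because each host sends only three requests; only the aggregate check catches it.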

According to a survey conducted by TruSecure, attacks on Web servers have doubled this year over last. With respect to the companies surveyed: 50 percent that experienced Web attacks cited external sources, 90 percent were hit by malicious code attacks, and 40 percent experienced denial of service attacks. Fewer than 60 percent of those surveyed reported internal hacking events. It is clear that humans thrusting missiles of destruction on the Internet are the weakest links in Internet-based e-business. You can remove your business from the Internet and feel more secure, but it will be difficult to locate another vehicle that brings enterprises and customers together in such a timely and cost-effective manner. The Internet and e-business are here to stay, and as they evolve, security solutions will continue to improve in the way they defend against malicious attacks, as well as offering tighter management and increased integration with the existing computing infrastructure. In the next installment, we will take a look at security management along with secured access and their role in the formation of a more comprehensive Internet security strategy.

Be sure to look for our third Security 101 class, "Security Management Issues," which will be posted on Nov. 26.

© 2001 Computer Associates International, Inc. (CA). All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.

 