VARs Profit From Flaw In TCP
Just about the only IT professionals who didn't overreact were solution providers, who said that the flaw affecting the Internet's Transmission Control Protocol (TCP) actually presented a golden opportunity to sell value-added security solutions to concerned customers.
"You'd think that customers would try to stay up on these things, but they don't," said Andy Reese, national director of security consulting at Dyntek, Irvine, Calif. "A situation like this presents a great excuse to get in and chat with customers about how they can improve their security with additional products and services."
The TCP vulnerability is unique in its breadth and scope, necessitating major consideration by enterprises of every size, Reese said. If left unaddressed, the vulnerability could allow hackers to knock computers offline and broadly disrupt routers, causing them to go into a standby mode, known as dampening, that can persist for hours.
According to experts from Check Point Software Technologies, Redwood City, Calif., attackers can also utilize the vulnerability to create a denial of service (DoS) condition against existing TCP connections, resulting in premature session termination. With this in mind, solution providers have been working double-time to educate customers about the need for extra protection at the perimeter of the corporate network.
Darrel Bowman, president of AppTech, a solution provider in Tacoma, Wash., recommends permitting local network access for trusted individuals only, blocking external access at the network boundary, and disabling SSL-enabled services if they are not explicitly required.
"We begin by stressing the importance of regular maintenance to all of the network and server hardware to ensure the latest patches, critical updates and hot fixes are installed," he said. "We then recommend solutions which effectively [and] affordably secure [their] environments ... against the rising TCP threat."
CHANNEL'S CHOICE SECURITY PICKS
To solve the TCP vulnerability, solution providers recommend the following products:
David Sockel, president of Emagined Security, San Carlos, Calif., recommends even tougher measures to protect against the TCP flaw, including deploying cryptographically secure products such as IPsec, implementing ingress and egress filtering, and practicing expeditious patch management.
Sockel, whose company is technically a managed security services provider, resells solutions from Cupertino, Calif.-based Symantec. He said many of the vendor's tools automate the necessary steps to secure networks from the threats the TCP vulnerability presents.
"Defense in-depth through a layered security approach will help ensure that networks are less vulnerable to zero-day attacks," Sockel said. "You can never be too safe."
Other resellers have managed to sell consulting services to companies concerned about protecting against the TCP flaws. Shaun Bertrand, security analyst at Creative Breakthrough, said the Shelby Township, Mich.-based firm has helped customers get involved with their ISPs to verify they have applied appropriate countermeasures on their end.
Travis Hartman, director of enterprise security practice at CompuCom Systems, Dallas, agreed: Big profits have come from helping customers determine which of their network products are affected by the TCP vulnerability and which of those products can be secured with the application of a simple patch.
"Assuming I only had time to test and deploy one patch, I would want to make sure the patch addressed the vulnerability that would allow a hacker to do the most damage as well as the vulnerability most likely to be attacked," he said.