Mobile Edition
Print
Get the Mag
Weekly UpdatesSpam, spy ware, Trojan programs, worms and viruses are on the rise and businesses need to understand that keeping such things out of computers and off of networks is a seemingly never-ending battle.
TOOLS
Vulnerability assessment tools are an instrumental first step in understanding just what exposures are present on the network. Some may refer to these as security audits since they evaluate current conditions and provide solutions for problems, and potential problems.
These tools perform network scans that help to reveal where problems may lie. Though that is a simplistic definition, it sums up their purpose. Knowing what vulnerabilities exist is the first step in correcting those problems. These scans need to be run regularly since new threats occur all the time.
Those performing vulnerability assessments can utilize such tools to scan networks to not only determine what vulnerabilities are present, but the tools can also be used to list those susceptibilities in a prioritized order. This then allows for the entity performing the assessment to tackle to the most critical vulnerabilities first and foremost.
One thing to keep in mind when using vulnerability assessment tools is that permission from the organization, or customer, who actually owns the network, is a definite requirement. Though that may seem to be a common practice, it is one that bears repeating.
THE MULTIPLE SYSTEMS ISSUE
The shift toward interconnected and interdependent system architectures has opened the door to more network threats in general. This type of shift brings more systems and components into the network equation such as HVAC controllers, video monitoring systems, physical security controls and biometric systems.
For example, if an HVAC system were connected to the main network, an attacker would be able to wreak havoc on the main network itself by exploiting the HVAC system remotely. This same scenario could be replicated for just about any other integrated building system, especially since many of them nowadays allow for remote access, monitoring and control.
INTRUSION DETECTION SYSTEMS
Intrusion detection systems (IDS) are some of the new kids on the secured computing block. While these network-based systems are on the rise, they are still misunderstood and not used nearly enough. Certain types of businesses might require an IDS since the data they house is personal, proprietary and confidential.
The casino and hospitality industries provide good examples of where IDS would be beneficial. Not only would a casino not want a hacker to access private information, the consequences of such an attack might have other ramifications. If a hacker tapped into a casino database, he would be privy to information, such as credit card accounts, personal information and more. Casinos pride themselves on doing their homework in relation to their guests and players. Because of this, they host some pretty critical information. It could be detrimental to everyone involved if that information fell into the wrong hands.
WHAT IS IDS?
Intrusion-detection systems are designed to alert of network attacks from both external (hackers) and internal (employee misuse). An IDS is something that acts as back-end support to a firewall. Firewalls are meant to prevent such attacks in the first place, but they are not perfect. Because hackers have become increasingly malicious and proficient at getting through firewalls, the importance of using an IDS has been becoming more popular in settings with large amounts of crucial information.
There are basically two types of intrusion-detection systems: host-based IDS (HIDS) and network-based IDS (NIDS). Host-based systems are operated from the host, generally a Web server. HIDS are adept at observing inside activity that is potentially unauthorized. The network-based systems are more common in large-scale operations as NIDS monitors all data flow over a network, allowing for continual analysis and monitoring of all traffic, a key element in network security.
WHAT HAPPENS IN AN ATTACK?
If an attack occurs, it is the function of the IDS to respond accordingly. Since the IDS constantly monitors traffic over the network, it should have been aware that a problem was brewing. When such an incidence occurs, the IDS can do a few things that would aid in stopping the attack or at the least helping to minimize damage. An IDS would have the ability to log users off the system, close down a user's account and launch scripts. These are the things that would essentially boot that attacker back out of the network, thus allowing the system administrator the opportunity to go in and make repairs.
Even though all of this protection sounds appealing, an IDS truly shines after a hacker attacks. An IDS is an exceptional tool that helps provide an accurate "after-the-fact" analysis, perhaps one of the best weapons around to prevent future intrusions.
Do you really need one? Probably yes. While many feel that firewalls are enough protection for the average network, there are too many cases of hackers or disgruntled employees gaining access to information that just is not meant for the general public.
One of the biggest arguments against intrusion-detection systems is not actually related to the application itself; it is more of a management/implementation issue. As with most products rooted in newer technology, there is a lag time between product installation and routine usage. If you buy an IDS, start using it as soon as possible. If it just lies dormant, it won't be able to protect you.
Most businesses enjoy their livelihood based on customer retention and reputation. Because of this, the industries need to take every step to protect their customers. Would you want a malicious hacker to have your big customers banking information? Would you want a recently fired employee, who is going to work at the competition, compiling lists of loyal clients that took you years to obtain? If your answer is a resounding no, then you may want to look into having an IDS installed.
Running programs that constantly monitor systems for viruses and potential attacks is important. It is also important to keep monitoring systems for spy ware. But, in the business world, things need to be done just a step above. Utilizing things like intrusion detection systems and having network vulnerability assessments done are just added steps that can be taken to further protect your network.
FEED