Bookmark and Share
1 April 2002

Plugging network 'holes'

by Jim Strothman

Long-forgotten business ties, rogue employees threaten security.

During the horrific days following 11 September 2001, businesses and other organizations that had offices in the World Trade Center, including the U.S. Secret Service, scrambled to survive.

Even as rescuers frantically searched for their buried colleagues, employers hustled to find temporary office space elsewhere in metropolitan New York. Many telecommuted as organizations' information technology (IT) staffs labored long hours to reassemble temporarily shattered computer and telecommunications networks.

Lost amid the rubble were not only lives but also much knowledge-including knowledge about vital computer networks. Where were all the servers and routers worldwide? What connected to what?

Suddenly, hundreds of organizations were vulnerable to cyberattacks.

Occupants of the World Trade Center weren't alone, however. Unknowingly, thousands of businesses, including manufacturing organizations, today remain vulnerable to hackers, particularly businesses that have partnered with others in past years. Many have long forgotten those legacy computer interconnections, focusing instead on present and future business relationships.

Network Security

After 11 Sept., business swelled at network security specialists such as Lumeta Corp., a small but fast growing network security firm born of Bell Labs less than six months prior to the WTC attack. Headquartered across the Hudson River in Somerset, N.J., Lumeta's technology was suddenly in great demand, with 10 global Fortune 500 companies signing up for its services during fourth-quarter 2001.

Much like magnetic resonance imaging maps a human brain or body, Lumeta's security technology can map all, or a defined portion, of an organization's intranet/Internet network. It can find known-and unknown-hosts connected to the internal network, locate potential firewall-bypassing leaks, and generate a multicolored visual "map" that readily shows network managers such as the chief technology officer or chief executive officer where their computer network is vulnerable to unwanted intruders.

"Some of our clients were affected by 11 Sept. at the World Trade Center," said Diane Burley-McGlue, Lumeta director of marketing. "We were able to give them a map of what was lost, where they needed to repair. Afterwards, people telecommuted from home, and companies set up temporary offices. It caused a whole new set of network issues."

Ex-relationships open risks

As dramatic as the events of 11 Sept. and the aftermath were, business organizations, including major manufacturing companies, are beginning to realize that routine but long- forgotten legacy supply chains and other relationships may have also left behind electronic links that could be used for ill gain.

"Companies go through mergers or acquisitions," Burley-McGlue observed. "Large organizations create subsets, then reorganize again. Many manufacturing companies have many legacy partnerships" once interconnected by servers and routers.

How to protect your network assets

What measures can you take to protect your network and information assets? IBM suggests these strategies:

  • Create a security and privacy blueprint developing policies procedures and penalties in advance to reduce threats and risk.
  • Actively check security and privacy controls, including mechanisms used by hardware and software systems, networks, databases, and human resource systems.
  • Use available security products rather than those developed in house because available products based on open standards have been tested and proved-and have customer references from which knowledge can be gained.
  • Provide security training so personnel know what is required of them.
  • Track information, assets, and users, safeguarding customer account data and company plans, as well as assets including PCs, servers, hubs, software, and supplies. Before any equipment goes out to users, predetermine hardware configuration, and ensure all software gets properly registered. Users should be aware of security breaches and then effectively investigate. People should have access only to applications and information required to perform their jobs.
  • Protect system documentation, one of the most frequently overlooked security threats. While it's seemingly convenient and less expensive to prepare and publish standard documentation, widely distributed user manuals often contain large amounts of technical information highly valuable to a hacker.

Top management concerned about security sometimes focuses too much on what can happen from the outside, however, she said. "Studies show 70% of security breaches come from within organizations" by rogue employees, for example, or even well-meaning business units that turn their own PCs into servers to bypass their IT department, fearing decision-making slowdowns, she noted.

According to a survey conducted by the Computer Security Institute for the U.S. Federal Bureau of Investigation (FBI), 75% of 563 responding companies said they had been victimized by computer-related crime; 59% of the same companies placed a dollar figure on their losses, which averaged more than $400,000. Nearly half (49%) reported unauthorized use of their computer systems.

IBM offers advice

"The goal is to align security and privacy policies with business objectives," IBM said in an e-business infrastructure white paper titled, "Linking security needs to e-business evolution."

"Businesses thus need to ask further questions," IBM said, "including: What business information and IT resources need to be protected and from whom? What is the cost of a security breach weighed against the cost of protection? What is the likelihood of a breach, and what is the right amount of security and privacy as e-businesses evolve from simply publishing on a Web site to using the Web for full integration of business processes across the enterprise?"

Firewalls can become more vulnerable when companies create "demilitarized zones"-electronic spaces admissible to authorized outsiders but walled by other firewalls so outsiders cannot access the company's other internal systems.

"As companies complete their Internet integration, they view suppliers, partners, and customers [sometimes called 'value networks'] as extensions of their business," IBM's white paper reads. "In fact, core business processes are very tightly coupled with these value networks and are supported by applications run across enterprise boundaries."

Benefits bring challenges

On the plus side, collaboration with supplier partners can speed product development and manufacturing. That same electronic collaboration, however, can "make it difficult to implement security features across enterprise borders," IBM pointed out.

"Whenever possible, organizations should use digital certificates to verify sender and receiver identities, or virtual private networks [VPNs]," IBM advised. VPNs encrypt data transmitted over public networks.

To help mitigate risk, IBM advised the following:

  • Creating contracts that clearly define interactions
  • Collaborating on configuration management to synchronize vendor fixes and engineering changes for common systems
  • Linking notification systems for security alerts and employee changes
  • Reevaluating current systems and administration for shared systems to verify they can work with partners and suppliers

Differing approaches

Not surprisingly, IBM's approach to securing business networks differs from smaller companies such as Lumeta, leaving users plenty of latitude to make choices.

IBM's e-business security services offerings fit into an all-encompassing continuum that includes assessing, planning, architecting, constructing, managing, and operating secure networks.

Lumeta, on the other hand, starts with a company's network as is. Its patent-pending Lumeta Network Discovery software scans Internet protocol networks from the inside to discover and define end points and interconnection nodes.

The technology was largely designed by a team of former Bell Labs scientists, including network security expert Bill Cheswick, author of one of the most highly regarded security books, Firewalls and Internet Security. It's built on work that began in 1997, when Cheswick and Hal Burch, then with Bell Labs' parent Lucent Technologies, began to collect Internet routing data and designed a treelike map showing more than 65,000 end points and thousands of Internet interconnection nodes.

Another product, Lumeta Firewall Analyzer, translates obscure firewall rules into clear statements of operational policy. A third offering, Leak Detection, looks for hosts connected to a company's internal network and the Internet, bypassing firewalls. IC

 

 


Return to Previous Page

Coming Next

Ask The Experts

Read questions answered by our experts or join the email list.

Feedback Hub

ISA Jobs

All contents copyright of ISA © 1995-2012 All rights reserved.
Find Local Sections | ISA Home | Report a Problem | Privacy & Legal Policies | Site Map | Help | Contact Us
ISA  |  67 T.W. Alexander Drive, Research Triangle Park, NC 27709 USA  |  (919) 549-8411