Network Security: World is the perimeter

Comment

Digg

Del.icio.us

Using a neighbor's Wi-Fi, opening a clearly suspicious email and even its attachment, shopping online while at office are some of the activities that are posing security risks, according to the findings of a recent survey conducted by InsightExpress. And these behaviors are not shown by casual web-surfers at a cybercafe-but are demonstrated by people who are considered to be responsible champions of India Inc. All these activities are happening either from within the office network or using an office laptop. None of the perpetrators of these acts are irresponsible guys; they are people who clearly understand the need for keeping their office network safe, and are also aware of the efforts that their IT department puts in to keep the network secure and running smooth. Yet, these security-risk activities are taking place all the time.

While employee education and inculcating a security consciousness among employees can achieve a lot, even one rogue/weak link can bring down the entire network, for days. The latest CSI/FBI Computer Crime and Security Survey paints a slightly rosier picture. Unauthorized use of computer systems has decreased, albeit slightly. But enterprises are still faced with the simple fact that threats from within the organization have not reduced.

The simplest reason for the increased vulnerability is that the enterprise network is no longer limited to one campus. Today, the world is the perimeter for most organizations, for some it extends even beyond that boundary! The office LAN-let alone the enterprise-wide network spanning all the branch offices across the globe-is accessed not just by the employees, but also by guests, partners, contractors and even sub-contractors. They use not only the VPN to access these networks, but also very often physically walk into the network with their very own end terminal, and use that to access the Internet from within the office environs. In the worst case, they may even misuse their rights and make unauthorized use of the network.

Threats to the enterprise network come not only from crafty employees trying to stealthily steal office data, but even more from guileless people bringing infected nodes festered with spam engines and worms into a secure network, making a mockery of the elaborate perimeter security that enterprises set up.

Any Way Out?
Look at an airport. Nowadays, everybody has easy access to it. While this reflects that the airline sector is poised for unprecedented growth, it also exposes the vulnerability of the sector. However, the airport does not deal with these threats by shutting itself down. It places security at every entry point. Perimeter security becomes a very small, sometimes the least sophisticated part of the entire security setup at an airport. But, security gets tighter as you go deeper into the airport.

For long, enterprise networks have worked on the exact opposite lines. Enterprises have a strong perimeter defense, and once entry is gained, it is easy for everybody to access the network. Though employee education played a significant role in safeguarding that network, there are very few ways to check if employees are crossing the ethical and professional boundaries.

To be brutally fair, not even railway stations can be safeguarded by the casual manner with which most organizations try to secure their networks. While an enterprise network enables business, network security enables smooth running of that network, says M Hayath of Cisco. Prasad Babu of Juniper adds, "Many enterprises carry out a network audit or a network security audit much after they implement security solutions. Ironically, it is not the first step they take." "Primarily, people go by product solutions or point solutions. They say, I will implement a firewall today, and then over the next year or so I will consider an IPS. It is not a very cohesive or coherent security plan", he adds. Babu is just being polite; there is neither coherence nor even the scent of a plan in this approach.

Some users counter that with continuously expanding networks, it may not be very practical to roll out the entire security paraphernalia at one go. India is a fast-growing economy, and no matter how much capacity or capabilities an organization acquires today, it will still fall short. But that should not be an excuse for not having a plan, or a security policy in place.

Babu reveals: "In the typical deployment we see today, there is a lot of focus on perimeter security. Bigger and bigger walls are built, and stronger gates are placed. Lot of resources are being devoted to build security from an outside-inside perspective." However, in typical organizations, once you are in, there is no stopping the malware.

The Magic of Technology?
Technologies abound, and that is a good thing as well as bad. The good thing is that if you have delayed a technology adoption, a smarter one than the one you missed out in the earlier offering will be available to you. The bad part is, there will always be a better technology, and the hackers and the crooks will be competing with the latest technologies, not with the ones out two years ago.

Firewalls, anti-viruses might be old technologies, yet they cannot be done away with. Even though IDS and IPS have not matured in terms of market adoption, node-level and access control security solutions are now being touted by security vendors as the next must-haves. Different vendors call them by different names-network admission control or unified access control.

Hayath says, "It takes the username authentication of the user and then checks to see if the host is in tune with the policy. If not, it pushes the host into the quarantine zone. And the user is left with no option, but to update his particular end-node with all patches." Cisco also recommends using a desktop security agent, CSA. It complements the anti-virus on the laptop or the desktop. Hayath says, "It is behavioral-based software. And it does not work on signatures or definitions. If you have a CSA loaded, and you try to download something unknowingly that tries to execute itself, CSA can caution you that some suspicious activity is taking place and recommend you not to execute it." The important thing to note here is that these are recommended to complement, but not to replace perimeter security at the enterprise level, or replace the firewall/anti-X solutions for desktops. What this approach achieves, explains Hayath, is that the infection that originates from one node remains confined to that node, and if it spreads to a particular VLAN, it stays limited to that VLAN. It can also control who has what access to the network or even the applications on the network, adds Babu.