Network security for the enterprise

New technologies, new business models, and the ever-increasing sophistication of network attacks have led to the need for more granular levels of permission to access network resources and for encryption and attack protection measures to be available anywhere inside or outside the network, argues Gareth Green, managing director of NetScreen Technologies, Inc. in Europe.

Basic network security issues have changed very little over the past decade. Protecting the confidentiality of corporate information, preventing unauthorised access, and defending against external attacks remain primary concerns of I.T. professionals today. What has changed, however, are new technologies and business practices that make these old concerns a far more formidable challenge.

Deployment of extranets and wireless local area networks (WLANs) is turning networks inside out from a security perspective. Smarter, deadlier web-enabled worms and viruses are launching attacks from within networks. Disgruntled and dishonest employees are becoming more computer-savvy and capable of perpetrating mischievous and illegal acts.

Threats can come from anywhere. To combat these escalated threats, enterprises must find better ways to resolve these vulnerability issues. Today’s security-aware enterprise needs to find products and solutions that provide the flexibility needed to defend against attacks from all these sources and can easily adapt to the security requirements of emerging technologies. At the same time, these new security measures must not limit the performance of the network. Legacy security solutions have attempted to match the speed of the WAN. Today’s security threats often occur at the LAN level, which places greater performance requirements on the security solution.

Network vulnerabilities created by the Internet, unauthorised personnel, and teleworker environments have been, and will continue to be, an ongoing challenge for network security professionals. The Internet exposes corporations to security risks such as denial-of-service (DoS) attacks that can cripple mission-critical e-business applications, and intrusions from hackers that can sabotage or gain control of servers and other network resources. Smaller, remote office environments with corporate network access may not apply the same rigor to who accesses what desktop, opening a window for unauthorised personnel to access corporate resources.

Teleworkers and branch sites with both local Internet access and corporate VPN access can expose companies to U-turn attacks in which intruders gain access to the network behind the remote-site VPN and then use the VPN tunnel as the conduit into the trusted corporate intranet. Forcing Internet-bound traffic through the corporate VPN network, however, creates propagation delays and possible network congestion. This could impact not only the teleworker, but mission-critical applications such as e-commerce that utilise the same central site links, resulting in potentially damaging economic consequences.

Historically, these threats have been addressed through security solutions such as the product line offered by NetScreen Technologies. New business models and technologies are elevating the impact of old network vulnerabilities and products need to adapt to meet those demands. Changing levels of trust, Trojan attacks, compromised servers, and disgruntled or dishonest employees have taken centre stage in the effort to secure the network.

Changing levels of trust

With their adoption having become commonplace, extranets and partner network access no longer represent a radically new business model for enterprises. Nonetheless, I.T. departments responsible for security continue to struggle with their proper implementation. Today, these networks extend around the world, serving not only employees, but partners, customers, suppliers, and consultants. This business model and the technology to implement it are changing the definition of who is trusted and to what level within the organisation. While the enterprise may be secure, just how secure is the partner, customer, supplier, or consultant end of the extranet connection?

Another business/technology model that has many of the same issues of trust as extranets, plus some additional technical ones, is the deployment of wireless LANs. WLANs employ a broadcast medium unlike today’s switched, hard-wired circuits, raising well-placed concerns about confidentiality, authentication, and trust. Unlike wired networks, where an attacker must be physically connected to a network, a wireless hacker could be in a car or walking around a building in which a WLAN is installed. Inadequate encryption allows unauthorised users to either eavesdrop or use a wireless gateway to access other resources and/or potentially compromise servers. Once connected to the WLAN, intruders most likely have access to nearly all of the network without further authentication.

Enterprises may choose to circumvent these security issues by banning WLAN devices in the network. The minimal cost of such devices, however, enables departments and even individuals to purchase their own WLAN equipment and connect it to the corporate network without authorisation. Such bootleg devices pose a blind risk to network managers who may be better equipped to deal with WLANs by embracing them and establishing policies under which they can be controlled.

Disgruntled employees often launch attacks just as they are voluntarily leaving or having their contract terminated. A disgruntled programmer at Omega Engineering, a defence contractor in the U.S., for example, caused over $10 million in damages when he set off a digital bomb. Dishonest employees can cause similar losses, such as a brokerage firm clerk who altered computer records, changing the ownership and price of 1,700 shares of Logan Industries stock. Trojan virus attacks, on the other hand, are often launched unknowingly by employees who download attachments without proper security screening in place. Potentially destructive programs, Trojan viruses can often masquerade as benign applications. These viruses infect an internal workstation and then launch attacks on the internal network, circumventing traditional, external firewalls. Trojan horses differ from other viruses in that they don’t replicate themselves.

Resolving Network Vulnerabilities

While basic network security issues have remained largely the same, new business practices and new technologies are making these old concerns more challenging. Changing levels of trust, compromised servers, malicious employees, and the constant threat of viruses and worms are putting enterprises on the defensive. A properly deployed security device is the keystone for enterprise network security – so long as it is equipped to deal with the escalating threats to networks.

Businesses must find new ways to address these escalating threats. The only answer is security solutions that are sufficiently flexible and scalable to protect against attacks from all sources, whether internal or external, and that can easily adapt to the security requirements of emerging technologies: solutions that provide more granular levels of permission to network resources and allow attack protection to be available anywhere inside or outside the network. New support for multiple security zones and multiple physical interfaces delivers added control and segmentation. Each physical interface can independently have firewall and denial-of-service protections activated. VPN tunnels can be terminated to any device, enabling extranets and WLANs to be supported more easily. And these new security measures must not impact the performance of the network. The security paradigm has shifted again – and smart enterprises are the ones that are recognising that and staying at least one jump ahead.

Gareth Green

AUTHOR BIOGRAPHY

Gareth Green, Managing Director of Europe, Middle East & Africa, NetScreen Technologies
Prior to joining NetScreen, Green was a founder of sales accelerator specialist Congress Communications Plc. Congress helped launch over 20 U.S. start-ups into the EMEA region, including Arrowpoint (now Cisco), I-Pivot (now Intel), TopLayer, Juniper (Eastern Europe) and more recently NetScreen.

Copyright 2002 Copybook Solutions LTD
All rights reserved. Reproduction in whole or in part without permission is strictly prohibited.