Protecting your assets from hackers and viruses
(28/03/2002)
Iain Franklin is European VP of Entercept Security Technologies. In this article he looks at how a company can protect its server and vital corporate data by establishing a layered security policy.
A recent report by AMR Research, ‘Enabling Technology Spending Report, 2002-2003’, shows that security, once again, ranks as one of the top three IT technology investment areas. Even in the tight current economic climate, companies are aware that failing to protect their network from hackers, viruses and malicious activity can be seriously damaging to their business. It can affect the company’s ability to continue operating on a day-to-day basis, cause severe financial damage and irrevocably damage its reputation.
With the steady growth in the number of websites and increasing levels of online trading, the web servers and applications which enable online activity must be heavily protected. Website defacement, denial of service attacks and browser-based hacks all leave the web server at best non-operational, and at worst with vital data destroyed or compromised. These attacks can have severe repercussions - the effects of a hacker’s defacement are all too clear to customers, partners and investors, damaging the business’s reputation. Web server and application protection must be chosen carefully, which means that IT managers and network managers must understand the strengths and weaknesses of different types of security tools.
When companies are asked to look at the question of security, they tend to think of firewalls. However, the assumption that the adoption of a firewall provides a safe working environment within the network is now out of date. Hackers prove this daily. Most traditional security is focussed on perimeter security such as firewalls and network-based systems. Hackers, unfortunately, are not. They know firewall and network security can be easily fooled, so they focus on servers and their contents. Yet, crucially, internet capabilities are managed through the company’s servers. If these are not secured, any other security tool makes no difference to the security of private information held online.
Companies need preventative security, particularly around the host, where information is more vulnerable. A strong security system will be built up from several layers which specialise in protecting specific parts of the enterprise. Perimeter protection tools can be combined with systems that protect the network and the host to create an impenetrable barrier.
Firewalls are the main perimeter protection tools, determining which ports into the corporate network are left open. Some ports must be left open to allow through corporate email and internet traffic, yet open ports allow hackers to bypass the firewall, break into the server and exploit its vulnerabilities. Firewalls need specialist management as they produce a large amount of log data, which has to be analysed correctly and acted upon if the firewall is to be effective. This requires specialist security experts to be on hand 24 hours a day.
Intrusion detection products are needed to complement perimeter security and are used to identify attacks which have passed through the firewall. There are two main variations of this solution: network-based intrusion detection systems (NIDS) and host-based intrusion detection systems (HIDS). Both types of system detect activity that looks malicious and log it so that manual action can be taken. In most cases the hack reaches its intended destination before it can be interpreted by the security system. Again, a highly qualified specialist must be available to monitor the reports 24 hours per day in order to deal with attack recognition and to organise system repair. This does give qualified security staff some control over the systems, but only after the attack has been made.
Patching is normally recommended by the server operating system vendors as the conventional way to close exploited vulnerabilities in their software. What is not always realised is that the patches are only ever available after the vulnerability has been found and, of course, often widely exploited. The huge impact of the Code Red and Nimda worm attacks on servers leaves us in no doubt on this point.
Intrusion prevention systems add the essential layer of security to protect the host and applications. The aim of the system is to detect attacks that penetrate the firewall and other detection systems, and to proactively prevent them without human intervention before any damage can occur. Intrusion prevention protects at the heart of the operating system, preventing malicious code from running on the server. It matches activity within the server to a series of 'rule sets', allowing only authorised activity to be processed. It can also shield a Web server application from unknown attacks by prohibiting certain types of activity. This ensures that web pages, for example, cannot be defaced by the use of any other application or by an unauthorised user.
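The rule-set matching described above can be sketched as a default-deny check. This is an added example, not Entercept's product code or anything from the original article; the process names, accounts, paths and rule format are all hypothetical.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase
import posixpath

@dataclass(frozen=True)
class Event:
    process: str    # executable requesting the operation
    user: str       # account the process runs as
    operation: str  # "read", "write" or "exec"
    path: str       # file the operation targets

@dataclass(frozen=True)
class Rule:
    process: str
    user: str
    operations: frozenset
    path_glob: str

# Hypothetical rule set for a web server host: anything not listed is refused.
RULES = (
    Rule("/usr/sbin/httpd", "www", frozenset({"read"}), "/var/www/html/*"),
    Rule("/usr/sbin/httpd", "www", frozenset({"write"}), "/var/log/httpd/*"),
    Rule("/usr/local/bin/publish", "webadmin",
         frozenset({"read", "write"}), "/var/www/html/*"),
)

def is_authorised(event, rules=RULES):
    """Return True only if some rule explicitly permits the event (default deny)."""
    # Normalise first so "../" segments cannot slip a path past a glob.
    path = posixpath.normpath(event.path)
    return any(
        event.process == r.process and event.user == r.user
        and event.operation in r.operations and fnmatchcase(path, r.path_glob)
        for r in rules
    )

# Constructed sample events, not taken from any real system.
SAMPLE_EVENTS = (
    Event("/usr/sbin/httpd", "www", "read", "/var/www/html/index.html"),
    Event("/usr/sbin/httpd", "www", "write", "/var/www/html/index.html"),
    Event("/usr/local/bin/publish", "webadmin", "write", "/var/www/html/index.html"),
    Event("/usr/sbin/httpd", "www", "exec", "/bin/sh"),
    Event("/usr/sbin/httpd", "www", "write", "/var/log/httpd/../../www/html/index.html"),
)

def evaluate(events=SAMPLE_EVENTS):
    """Pair each event with the verdict the rule set gives it."""
    return [(e, "allow" if is_authorised(e) else "block") for e in events]

if __name__ == "__main__":
    for event, verdict in evaluate():
        print(f"{verdict:5}  {event.user}:{event.process} {event.operation} {event.path}")
```

The web server account may read pages but not write them, so a page change is accepted only from the designated publishing tool, and the last sample shows why paths are normalised before matching.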
Intrusion prevention technology is becoming widely used to complement network security as different levels of defence can be set according to the activity expected on the network. This eliminates any limitations that might be imposed on day-to-day business activity.
The key to vastly improved security is to layer host-based and perimeter tools, and to implement up-to-date security technology to stay ahead of the hacking community. Companies can no longer rely solely on firewalls and the patches that are issued for their operating systems. But as we have seen, protecting your assets need not be as complicated as it sounds.
Note to readers: Entercept Security Technologies develops server security products that prevent attacks to servers and operating systems. Based on patented technology, Entercept safeguards the entire server by preventing known and unknown malicious attacks.


