Identifying Vulnerabilities in Networked Systems

Ghosts in the machine. Spooks in the hard drive. It’s natural to worry about everything that can go wrong with the computers we work with – all the more so if those computers are part of a networked system. The arrival of the Information Age means that increasing amounts of critical business information are stored in such systems.

Surprisingly, though, many otherwise technology-savvy organizations still have a long way to go on the road to implementing appropriate security measures. IBM Corp. studies have pointed out that, while 86 per cent of companies in a recent survey used firewalls, 85 per cent had deployed antivirus software and 74 per cent employed authentication procedures, only 63 per cent of those surveyed used encryption software, and fewer than 50 per cent used intrusion-detection technologies.

Those statistics point to the reality of vulnerabilities in networked systems, and to the inevitability of serious data loss incidents. Since data is often mission-critical to the successful business organization, the consequences can be significant.

Regardless of the cause of a data loss incident, the common denominator to system downtime is the high cost incurred. A survey in 2000 of 450 Fortune 1000 companies by the consulting firm Find/SVP found that the average outage across industries lasted four hours, at a cost of (US)$330,000. According to the survey, a typical company experienced nine outages per year, resulting in annual losses of almost (US)$3 million (excluding the cost of lost employee productivity).

Clearly, identifying and dealing with vulnerabilities is of critical importance. A first step in catching unauthorized access to the network is the use of intrusion-detection technology, which can be defined as applications that actively monitor operating systems and network traffic for attacks and security breaches. Detection is not prevention: an intrusion-detection system raises the alarm, and someone or something still has to act on it.

Intrusion-detection technologies come in two flavours: host-based systems, which use agents, and network-based systems, which use passive monitors. Host-based systems, which take a proactive approach, are deployed in the same manner as virus scanners or network management solutions – an agent is installed on all the system’s servers and a management console is used for reporting. Network-based systems sniff incoming traffic, comparing live traffic patterns to internal lists of attack signatures. Each approach has its own strengths and weaknesses: a host agent sees what actually happens on the machine (including the contents of sessions that are encrypted on the wire) but consumes host resources and can be tampered with once that host is compromised, while a network sensor covers every host on its segment at once but is blind to encrypted traffic and to any attack for which it has no signature.
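To make the two approaches concrete, here is a small Python model of both, added here as an illustration and not taken from the article or from any product it describes. The network-based half matches constructed traffic records against a handful of hypothetical attack signatures; the host-based half plays the role of an agent that compares a trusted baseline of file hashes against the machine’s current state. The signatures, IP addresses, file paths and file contents are all constructed for the example.

```python
"""Minimal models of network-based and host-based intrusion detection.

Network-based: passively match each traffic payload against attack signatures.
Host-based: an agent compares current file hashes against a trusted baseline.
All signatures and sample data below are constructed for this example.
"""
import hashlib
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: re.Pattern  # compiled regex applied to the raw payload bytes


# Hypothetical signatures; real rule sets are far larger and more precise.
SIGNATURES = [
    Signature("directory traversal", re.compile(rb"\.\./\.\./")),
    Signature("shell metachar in query", re.compile(rb"[;|`]\s*(cat|sh|bash)\b")),
    Signature("telnet cleartext login", re.compile(rb"^login:", re.M)),
]

# Constructed traffic records: (source address, destination port, payload).
SAMPLE_TRAFFIC = [
    ("10.0.0.5", 80, b"GET /index.html HTTP/1.0\r\n"),
    ("10.0.0.9", 80, b"GET /cgi-bin/../../etc/passwd HTTP/1.0\r\n"),
    ("10.0.0.9", 80, b"GET /search?q=x;cat%20/etc/shadow HTTP/1.0\r\n"),
    ("10.0.0.7", 23, b"login: admin\r\n"),
]


def network_monitor(traffic, signatures=SIGNATURES):
    """Network-based IDS: check every payload against every signature.

    Returns a list of (signature name, source, destination port) alerts.
    Anything that matches no signature passes silently, which is exactly the
    blind spot signature-based detection has for unknown attacks.
    """
    alerts = []
    for src, port, payload in traffic:
        for sig in signatures:
            if sig.pattern.search(payload):
                alerts.append((sig.name, src, port))
    return alerts


def baseline(files):
    """Host-based agent, step 1: record SHA-256 of each monitored file's content."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def host_monitor(trusted, current_files):
    """Host-based agent, step 2: report files that changed, vanished or appeared.

    `trusted` is a baseline dict from baseline(); `current_files` maps path to
    current content. Returns a sorted list of (finding, path) tuples.
    """
    current = baseline(current_files)
    findings = []
    for path in sorted(set(trusted) | set(current)):
        if path not in current:
            findings.append(("deleted", path))
        elif path not in trusted:
            findings.append(("added", path))
        elif trusted[path] != current[path]:
            findings.append(("modified", path))
    return findings


# Constructed snapshots (path -> content) standing in for a real file system.
TRUSTED_FILES = {
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/sh\n",
    "/usr/sbin/sshd": b"constructed stand-in for the original binary",
}
CURRENT_FILES = {
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/sh\nbackdoor:x:0:0::/:/bin/sh\n",
    "/usr/sbin/sshd": b"constructed stand-in for the original binary",
    "/tmp/.hidden": b"constructed unexpected file",
}

if __name__ == "__main__":
    for alert in network_monitor(SAMPLE_TRAFFIC):
        print("NIDS alert:", alert)
    for finding in host_monitor(baseline(TRUSTED_FILES), CURRENT_FILES):
        print("HIDS finding:", finding)
```

Note where the baseline lives: if `baseline()` output is stored on the monitored host, an intruder with root can rewrite it along with the files, so in practice the agent ships the hashes to the management console and the comparison is trusted only as far as that console is.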

In most cases, the cost of an intrusion-detection system can be justified for its forensic value alone. If a system is compromised and its own logs are tainted, the intrusion-detection system’s logs, kept separately on the sensor or management console, may save administrators days of digging.

But there are important steps that should be taken even before intrusion-detection systems are put in place. They’re based on technologically savvy preparedness and old-fashioned common sense. What’s required is a strong foundation that can realistically improve security without wasting resources on ineffective security measures.

An appropriate disaster recovery plan is a basic prerequisite – an overall strategy that addresses both the technical and the organizational factors involved in security. That plan should begin with a comprehensive risk assessment of the network, so that acceptable levels of risk to the system and to the organization can be determined. The results of that assessment can then be used to develop and implement a suitable set of security policies and procedures to guide individuals and workgroups in the organization in the event of a network disruption. Only then can sound decisions be made about which products and tools the organization needs in order to implement those policies and procedures.

It’s not enough to simply buy “off the shelf” security software and distribute it to the organization’s systems administrators. That software’s configuration and management must be tied directly to the particular security policies and procedures of the organization.

Ensuring adequate and appropriate network security is a long-term investment. And it’s an ongoing process, because at no point can an organization say that every network vulnerability has been dealt with. There’s simply no such thing as “100 per cent secure.” However, the use of suitable intrusion-detection technologies, built around a carefully thought-out business and technical security policy, will do wonders to give peace of mind – and allow the organization to go on doing business as it should.