Soft on the Inside - Page 2

Jun 24, 2004

Allen Bernard

Single sign-on, for example, is great for employees tired of multiple passwords and the post-it notes they rely on to remember them, but it can lead to a wide open back-end once the initial password is breached. That is why node security is becoming more popular, but this is really just a smaller, more pervasive version of building walls. Intrusion prevention is the latest thinking in security and the reason RSA's business is booming, says Wilson.

The first level of defense, however, is still strong authentication. Wilson promotes a two-factor authentication schema that involves something you have, like an ATM card and something you know, like a PIN number. RSA sells a system where the user has a token of some kind -- the 'have' -- that syncs up to a system password generator that changes passwords every 60 seconds, and a static PIN number the employee remembers.

Using this system, the password changes every 60 seconds, providing a good layer of initial security, i.e. authentication. From there policies and procedures take over as well as node security and a system of checks and balances to ensure someone in marketing isn't accessing financial data and vice-versa.

Another reason the medieval mindset is no longer effective is the porous nature of most corporate networks, says Matt Kovar, an analyst with the Yankee Group in Boston.

"Companies and their applications are accessible through so many different network connections or application connections that there is almost no real defined perimeter any longer," says Kovar.

This why security vendors like Check Point Software Technologies are focusing more attention on 'rules-of-engagement' at the application layer. This is different from node security, which is basically a server-, or OS-, level perimeter defense, says Kovar. Application-layer security focuses on point-to-point connections within the network to see who is accessing what and if that access should be considered valid.

"That's the area where organizations are trying to identify. What are the patterns of communication that should be operating on their network and trying to identify what falls out of the norm," he says. "The application is where the new attacks are going. Are they outside? Are they inside? Many times the outside attack needs an inside accomplice, if you will, either witting or unwitting."

And once you connect to partners, vendors, suppliers and customers, the internal threats increase exponentially. Even though these groups are technically external to your company, access to the network brings them inside and makes them an internal threat.

So, while worms and viruses are problematic, and hackers are endemic to the Internet, these threats are really quite minor compared to the potentially more damaging insider threat. Rarely, according to experts, do hackers actually do much harm or steal. More than likely, planting their 'flag' to claim bragging rights is the justification for their efforts. Like it or not, employees, and lax or non-existent policies and procedures, can cause the most damage if left unchecked.

"What you need to do is think like a criminal," says RSA's Wilson, "and say 'If I were someone trying to do this, how would I do it?' And try to put in some policies, procedures, education, training, awareness, checks and balances, etc. to mitigate the risk."

Page 2 of 2


0 Comments (click to add your comment)
Comment and Contribute

Your comment has been submitted and is pending approval.



 (click to add your comment)

Comment and Contribute

Your name/nickname

Your email


(Maximum characters: 1200). You have characters left.