Security of enterprise networks has taken on new dimensions over the last few years. The new
business paradigm puts pressure on businesses to get their employees to access
e-mail and the Internet. Business houses, today, are also required to enter into
electronic relationships with suppliers, vendors and other partners in the form
of VPNs and extranets. They also have to struggle to open their networks to the
outside world, where computer viruses threaten to infiltrate, and contend with
professional hackers and ‘script kiddies’ trying to lay their hands on
enterprise networks. At risk are expensive systems and sensitive data, which may be stolen.
About twenty-five years ago, managers of computing facilities were only
concerned with guarding their machines against unauthorized users. As the
client-server model came into vogue, systems managers discovered that they had
to live with a few security holes in popular operating systems, which could
provide unauthorized access. While working on resources shared by other
computers was exciting, it also meant that TCP/IP introduced security concerns.
Measures like encryption, firewall and anti-virus solutions, coupled with good
old password protection were introduced. However, as such shared services were
limited, the potential for attacks was also low. In the present phase, the
challenges to network security have dramatically increased with the
proliferation of the Internet.
E-business may face threats of web site defacement, DoS, mail bombing,
spoofing, packet sniffing, etc. Viruses, worms and Trojan horses have the
potential to reformat hard disks, delete files or spawn new processes that cause
the entire network to crash.
Security against hacking and viruses should, ideally, be implemented at the
gateway level. It is essential that ISPs incorporate virus protection mechanisms
so that users’ networks are not exposed. Enterprises, in turn, should use an
anti-virus wall to ensure that users’ machines are not open to threats from the
Internet and e-mail. The latest gizmos, which provide enterprises a
sense of security, are magnetic card keys, optical retina scanners and
fingerprint readers. But a random deployment of security solutions won’t do
the trick. Network security must be proactive rather than reactive. This
implies involvement of the top management along with the representatives of user
departments, besides the network managers.
The time has come for enterprises to conduct a careful assessment of threat
and deploy an optimal solution. Vulnerability analysis and risk assessment
should reveal the areas that are critical. This should be followed by careful
selection of vendors to provide a solution, but not before designing a security
policy and drafting procedures and standards. User requirements must be kept in
mind and system availability must be evaluated in conjunction with the need for
security. Complete security is ephemeral; thus it is better to pursue good
security now than better-than-perfect security later. Of course, the
time-honoured principle of separating roles applies: the people responsible for
implementing and running security systems should be separated from users. To
conclude, network security in the Internet era is as essential as your most
important business processes and requires a holistic approach in understanding
the risks and minimizing them.
Frank Leu, managing director, South Asia & South East Asia, Trend Micro